Export (0) Print
Expand All

SealSecureChannel

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type

Range

Default value

REG_DWORD

0 | 1

1

Description

Determines whether outgoing secure channel traffic is encrypted (sealed).

Channel traffic security is determined jointly by the value of this entry and the values of the RequireStrongKeyrequiresignorseal and signsecurechannel entries.

When requiresignorseal is set to 1, sealsecurechannel determines whether encryption (sealing) is required for a secure channel. When requiresignorseal is set to 0, sealsecurechannel specifies this system's preferences when negotiating with the domain controller on the other side of the channel. Also, because encryption is more secure than signing, when the value of this entry is 1, it takes precedence over the value of signsecurechannel .

Value

Meaning

0

Outgoing traffic on a secure channel need not be encrypted. However, if the value of signsecurechannel is 1, outgoing traffic must be signed.

1

Outgoing traffic on a secure channel must be encrypted. This specification is enforced when the value of requiresignorseal is 1.

Note Image Note

Windows 2000 adds this entry to the registry when you install the system for the first time or when you change the default value. If you upgrade from Windows NT 4.0 or earlier, the entry does not appear in the registry, but it is still in effect on your system.

Related Entries

Page Image

requiresignorseal

Page Image

signsecureshannel

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft