RequireSignOrSeal

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type: REG_DWORD

Range: 0 | 1

Default value: 0

Description

Determines whether the system requires that all secure channel communications be either signed or sealed.

The security specifications for secure channel traffic are determined jointly by the value of this entry and the values of the RequireStrongKey, signsecurechannel, and sealsecurechannel entries.

Value 0: Channel traffic need not be signed or sealed. Instead, the security of channel traffic is negotiated with the domain controller. System preferences in the negotiation of traffic security are determined by the values of signsecurechannel and sealsecurechannel.

Value 1: Outgoing traffic on a secure channel must be either signed or sealed. If the domain controller on the other side of the channel does not support signing or sealing, the system refuses to establish a channel. If the value of sealsecurechannel is 1, traffic must be encrypted; otherwise, it must be signed.

Note

The value of this entry should be set to 1 only when all of the trusted domains support signed and sealed communications.

Windows 2000 adds this entry to the registry when you install the system for the first time or when you change the default value. This entry might not appear in the registry, for example, if you upgrade to Windows 2000 from a system running Windows NT 4.0 that does not define this entry. If this entry does not appear in the registry, the system behaves as though the value is 0.
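
The following PowerShell script is an added example, not part of the original reference. It reads RequireSignOrSeal, signsecurechannel and sealsecurechannel from the Netlogon Parameters key and reports the outcome according to the rules described above, treating a missing RequireSignOrSeal entry as 0. The function names are hypothetical and the sample cases are constructed.

```powershell
# Added example: entry names and rules come from the page; function names are hypothetical.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-EntryOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the entry is absent from the registry.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Resolve-SecureChannelPolicy {
    param($RequireSignOrSeal, $SignSecureChannel, $SealSecureChannel)
    # Per the page, a missing RequireSignOrSeal entry behaves as 0.
    $require = if ($null -eq $RequireSignOrSeal) { 0 } else { $RequireSignOrSeal }
    if ($require -eq 1 -and $SealSecureChannel -eq 1) {
        $outcome = 'Enforced: outgoing secure channel traffic must be encrypted'
    } elseif ($require -eq 1) {
        $outcome = 'Enforced: outgoing secure channel traffic must be signed'
    } else {
        $outcome = 'Not enforced: signing and sealing are negotiated with the domain controller'
    }
    [pscustomobject]@{
        RequireSignOrSeal = $require
        EntryPresent      = ($null -ne $RequireSignOrSeal)
        SignSecureChannel = $SignSecureChannel
        SealSecureChannel = $SealSecureChannel
        Outcome           = $outcome
    }
}

# Constructed inputs that exercise each rule without touching the registry.
$cases = @(
    @{ RequireSignOrSeal = $null; SignSecureChannel = 1; SealSecureChannel = 1 },
    @{ RequireSignOrSeal = 1;     SignSecureChannel = 1; SealSecureChannel = 0 },
    @{ RequireSignOrSeal = 1;     SignSecureChannel = 1; SealSecureChannel = 1 }
)
foreach ($case in $cases) { Resolve-SecureChannelPolicy @case }

# Live check on the local system (read-only).
$live = @{}
foreach ($name in 'RequireSignOrSeal', 'SignSecureChannel', 'SealSecureChannel') {
    $live[$name] = Get-EntryOrNull -Path $NetlogonKey -Name $name
}
Resolve-SecureChannelPolicy @live
```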

Related Entries

signsecurechannel

sealsecurechannel