Export (0) Print
Expand All

RequireStrongKey

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type

Range

Default value

REG_DWORD

0 | 1

0

Description

Determines whether the system requires that all secure channel keys be computed using a strong key. If it does, the trusted domain controller on the other side of the channel must be able to compute strong keys. For public, non-exportable keys, a strong key is one that is 128 bytes or longer.

All secure channels have keys. The keys are used for authentication, signing, or encryption, depending on the capability and requirements of the systems.

Value

Meaning

0

The system does not require that the trusted domain controller be able to compute a strong key.

1

The system requires that the trusted domain controller be able to compute a strong key. If the domain controller on the other side of the channel does not support strong key encryption, this system refuses to establish a channel.

Note Image Note

This entry should be set to 1 only when all of the trusted domains are able to compute strong keys.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Related Entries

Page Image

SignSecureChannel

Page Image

SealSecureChannel

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft