Ksetup:setenctypeattr
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows 8
Sets the encryption type attribute for the domain. For examples of how this command can be used, see Examples.
Syntax
ksetup /setenctypeattr <Domain name> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
Parameters
Parameter |
Description |
|---|---|
<DomainName> |
Name of the domain to which you want to establish a connection. Use the fully qualified domain name or a simple form of the name, such as corp.contoso.com or contoso. |
Encryption type |
Must be one of the following supported encryption types:
|
Remarks
To view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, run the klist command and view the output.
You can set or add multiple encryption types by separating the encryption types in the command with a space. However, you can only do so for one domain at a time.
If the command succeeds or fails, a status message is displayed.
To set the domain that you want to connect to and use, run the ksetup /domain <DomainName> command.
Examples
Determine the current encryption types that are set on this computer:
klist
Set the domain to corp.contoso.com:
ksetup /domain corp.contoso.com
Set the encryption type attribute to AES-256-CTS-HMAC-SHA1-96 for the domain corp.contoso.com:
ksetup /setenctypeattr corp.contoso.com AES-256-CTS-HMAC-SHA1-96
Verify that the encryption type attribute was set as intended for the domain:
ksetup /getenctypeattr corp.contoso.com