Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Description

This security setting allows a client to require the negotiation of message confidentiality (encryption), message integrity, 128-bit encryption, or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value.

  • Require message integrity. The connection will fail if message integrity is not negotiated. The integrity of a message can be assessed through message signing. Message signing attaches a cryptographic signature that identifies the sender and is a numeric representation of the contents of the message, which proves that the message has not been tampered with.

  • Require message confidentiality. The connection will fail if encryption is not negotiated. Encryption converts data into a form that is not readable by anyone until decrypted.

  • Require NTLMv2 session security. The connection will fail if the NTLMv2 protocol is not negotiated. For more information about NTLM and NTLMv2, see Logon and Authentication at the Microsoft Windows Resource Kits Web site.

  • Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.

Default: No requirements.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as follows: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

Important

  • This setting will apply to any computers running Windows 2000 through changes in the registry, but the security setting will not be viewable through the Security Configuration Manager tool set.
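Because the setting takes effect through the registry, the enforced requirements can be audited there. The following PowerShell script is an added example, not part of the original documentation. It assumes the setting is stored as the REG_DWORD NtlmMinClientSec under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 with the bit masks shown; that path, those masks and the function name Get-NtlmMinSecReport do not appear on this page.

```powershell
# Added example: report which NTLM SSP client session-security requirements are enforced.
# Assumption (not stated on this page): the setting is stored as the REG_DWORD
# NtlmMinClientSec under the MSV1_0 key, using the bit masks listed below.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'NtlmMinClientSec'

# The four requirements described on this page, in the same order.
$Requirements = [ordered]@{
    'Require message integrity'       = 0x00000010
    'Require message confidentiality' = 0x00000020
    'Require NTLMv2 session security' = 0x00080000
    'Require 128-bit encryption'      = 0x20000000
}

# Hypothetical helper: decode one DWORD into a row per requirement.
function Get-NtlmMinSecReport {
    param([Parameter(Mandatory)][long]$Value, [string]$Source = 'sample')
    foreach ($name in $Requirements.Keys) {
        [pscustomobject]@{
            Source      = $Source
            Value       = '0x{0:X8}' -f ($Value -band 4294967295)
            Requirement = $name
            Enforced    = ($Value -band $Requirements[$name]) -ne 0
        }
    }
}

$rows = @()

# Constructed sample values: the default (no requirements) and all four set.
$rows += Get-NtlmMinSecReport -Value 0 -Source 'sample: default'
$rows += Get-NtlmMinSecReport -Value 0x20080030 -Source 'sample: all four'

# Live value from this computer; a missing value is treated as the default of 0.
$prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
$live = if ($null -ne $prop) { [long]$prop.$ValueName } else { 0 }
$liveRows = Get-NtlmMinSecReport -Value $live -Source 'live'
$rows += $liveRows

$rows | Format-Table -AutoSize

# Flag every requirement the live configuration does not enforce.
$missing = $liveRows | Where-Object { -not $_.Enforced }
foreach ($m in $missing) {
    Write-Warning ("Not enforced on this client: {0}" -f $m.Requirement)
}
```

On a computer where the value has never been configured, all four rows for the live source show Enforced as False, which matches the documented default of no requirements.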

For more information, see: