SignSecureChannel
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
| Data type | Range | Default value |
|---|---|---|
REG_DWORD |
0 | 1 |
1 |
Description
Specifies whether outgoing secure channel traffic is signed. This entry is used when negotiating the conditions of a secure channel with a domain controller. If this value of this entry is 1 and the domain controller supports signing, the secure channel traffic is signed.
Channel traffic security is determined jointly by the value of this entry and the values of the entries RequireStrongKey, RequireSignOrSeal, and SealSecureChannel. Because encryption is more secure than signing, the system behaves as if the value of this entry is 1, even if it is zero, when the value of sealsecurechannel is 1.
| Value | Meaning |
|---|---|
0 |
Outgoing traffic on a secure channel should not be signed. |
1 |
Outgoing traffic on a secure channel should be signed if the domain controller supports signing. |
Note
- Windows Server 2003 and Windows 2000 add this entry to the registry when you install the system for the first time or when you change the default value. If you upgrade from Windows NT 4.0 or earlier, the entry does not appear in the registry, but it is still in effect on your system.