ksetup setenctypeattr
Sets the encryption type attribute for the domain. A status message is displayed upon successful or failed completion.
You can view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, by running the klist command and viewing the output. You can set the domain to connect to and use, by running the ksetup /domain <domainname> command.
Syntax
ksetup /setenctypeattr <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
Parameters
| Parameter | Description |
|---|---|
<domainname> |
Name of the domain to which you want to establish a connection. Use the fully qualified domain name or a simple form of the name, such as corp.contoso.com or contoso. |
| encryption type | Must be one of the following supported encryption types:
|
Remarks
- You can set or add multiple encryption types by separating the encryption types in the command with a space. However, you can only do so for one domain at a time.
Examples
To view the encryption type for the Kerberos ticket-granting ticket (TGT) and the session key, type:
klist
To set the domain to corp.contoso.com, type:
ksetup /domain corp.contoso.com
To set the encryption type attribute to AES-256-CTS-HMAC-SHA1-96 for the domain corp.contoso.com, type:
ksetup /setenctypeattr corp.contoso.com AES-256-CTS-HMAC-SHA1-96
To verify that the encryption type attribute was set as intended for the domain, type:
ksetup /getenctypeattr corp.contoso.com
Related links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for