NtlmMinClientSec

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Data type Range Default value
REG_DWORD 0 | 0x10 | 0x20 | 0x80000 | 0x20000000 0

Description

Specifies the minimum required security setting for client-side network connections by applications using the NTLMSSP security provider.

Value Meaning
0 None. No security is used for either authentication or session security.
0x10 Message integrity. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x10, the connection will fail if message integrity is not negotiated.
0x20 Message confidentiality. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x20, the connection will fail if message confidentiality is not negotiated.
0x80000 NTLMv2 session security. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2 session security is not negotiated.
0x20000000 128 bit encryption. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x20000000, the connection will fail if message confidentiality is in use but 128-bit encryption is not negotiated.
 

Activation method

You must restart Windows to make changes to this entry effective.

Note Image Note

These settings will not guarantee that message integrity or confidentiality will actually be used by an application even when they are negotiated. For more information, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Article Q147706, or use the keywords LM authentication.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

For more information about Windows 2000 security, see the Windows 2000 Distributed Systems Guide.

Related Entries

Page Image