NoteHKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
| Data type | Range | Default value |
|---|---|---|
| REG_DWORD | 0 | 0x10 | 0x20 | 0x80000 | 0x20000000 | 0 |
Specifies the minimum required security setting for client-side network connections by applications using the NTLMSSP security provider.
| Value | Meaning |
|---|---|
| 0 | None. No security is used for either authentication or session security. |
| 0x10 | Message integrity. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x10, the connection will fail if message integrity is not negotiated. |
| 0x20 | Message confidentiality. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x20, the connection will fail if message confidentiality is not negotiated. |
| 0x80000 | NTLMv2 session security. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2 session security is not negotiated. |
| 0x20000000 | 128 bit encryption. If either NtlmMinClientSec or NtlmMinServerSec is set to 0x20000000, the connection will fail if message confidentiality is in use but 128-bit encryption is not negotiated. |
You must restart Windows to make changes to this entry effective.
Note
These settings will not guarantee that message integrity or confidentiality will actually be used by an application even when they are negotiated. For more information, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Article Q147706, or use the keywords LM authentication.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
For more information about Windows 2000 security, see the Windows 2000 Distributed Systems Guide.
Related Entries
