sealsecurechannel

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD 0 | 1 1

Description

Determines whether outgoing secure channel traffic should be encrypted (sealed).

Channel traffic security is determined jointly by the value of this entry and the values of RequireStrongKey, requiresignorseal and signsecurechannel.

When requiresignorseal is set to 1, this entry determines whether encryption (sealing) is required for a secure channel. When requiresignorseal is set to 0, this entry specifies this system's preferences when negotiating with the domain controller on the other side of the channel. Also, because encryption is more secure than signing, when the value of this entry is 1, it takes precedence over the value of signsecurechannel.

Value Meaning
0 False. Outgoing traffic on a secure channel need not be encrypted. However, if the value of signsecurechannel is 1, outgoing traffic should be signed.
1 True. Outgoing traffic on a secure channel should be encrypted. This specification is enforced when the value of requiresignorseal is 1.

Note Image Note

Windows 2000 adds this entry to the registry when you install the system for the first time, or when you change the default value. If you upgrade from Windows NT 4.0 or earlier, the entry does not appear in the registry, but it is still in effect on your system.

Related Entries

Page Image

Page Image