RequireStrongKey

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD 0 | 1 0

Description

Determines whether the system requires that all secure channel keys be computed by using a strong key. If it does, the trusted domain controller on the other side of the channel must be able to compute strong keys. For public, non-exportable keys, a strong key is one that is 128 bytes or longer.

All secure channels have keys. The keys are used for authentication, signing, or encryption, depending on the capability and requirements of the systems.

Value Meaning
0 False. This system does not require that the trusted domain controller be able to compute a strong key.
1 True. The system requires that the trusted domain controller be able to compute a strong key. If the domain controller on the other side of the channel does not support strong key encryption, this system refuses to establish a channel.
 

Note Image Note

This entry should be set to 1 only when all of the trusted domains are able to compute strong keys.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Related Entries

Page Image

Page Image