Secure channel: Digitally sign secure channel data (when possible)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


Determines whether the computer will always digitally encrypt or sign secure channel data.

When a Windows 2000 system joins a domain, a computer account is created. Thereafter, when the system boots, it uses the password for that account to create a secure channel with the domain controller for its domain. Requests sent on the secure channel are authenticated, and sensitive information (such as passwords) is encrypted, but the channel is not integrity checked and not all information is encrypted.

If this policy is enabled, all outgoing secure channel traffic should be signed.

If this policy is disabled, no outgoing secure channel traffic will be signed.

By default, this option is enabled.

Note Image Note

If Secure channel: Digitally encrypt secure channel data (when possible) is enabled, it will override any setting for this option and force it to be enabled.