Secure channel: Require strong (Windows 2000 or later) session key

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


If this policy is enabled, all outgoing secure channel traffic will require a strong (Windows 2000 or later) encryption key.

If this policy is disabled, the key strength is negotiated with the DC. This option should only be enabled if all of the DCs in all trusted domains support strong keys.

By default, this value is disabled.