• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1103
  • Last Modified:

On server 2003, "Domain Member:Digitally encrypt or sign secure channel data (always)" is greyed out

On server 2003, In security polcy settings, why is the eneble/disable choices greyed out under "Domain Member:Digitally encrypt or sign secure channel data (always)"
0
ambantin
Asked:
ambantin
2 Solutions
 
oBdACommented:
Because a group policy exists in your domain that defines this setting. You can run
gpresult /scope computer
and look for "The machine received security settings from the following GPOs" (or similar) on the machine to find out the name of possible GPOs where this settings is defined.
0
 
ambantinAuthor Commented:
need more laymens terms
0
 
ambantinAuthor Commented:
nvm... i am getting it
0
 
Cyber-DudeCommented:
"If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:

    * Domain member: Digitally encrypt secure channel data (when possible)
    * Domain member: Digitally sign secure channel data (when possible)

Default: Enabled."

Quoted via MS

Cyber
0
 
askdavidCommented:

where u r getting this ?

in "Default Domain Controller Policy Editor" or in "Default Domain Policy" ?

DAVID
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now