I want to Require strong (Windows 2000 or later) session key on my domain controllers

Domain member: Require strong (Windows 2000 or later) session key , I want to ENABLE this on my DOMAIN CONTROLLERS , the functional level of the domain is "windows server 2003", how can I test this to make sure I dont break stuff ???
LVL 2
kaos_theoryAsked:
Who is Participating?
 
Jason WatkinsIT Project LeaderCommented:
Hi,

Unless you have a test domain, which parallels your production domain, you can either try this on your production domain or use Resultant Set of Policy in planning mode to forecast projected group policy changes.

Make the change; http://technet.microsoft.com/en-us/library/cc758041%28WS.10%29.aspx

Use RSoP to forecast; http://technet.microsoft.com/en-us/library/cc737327%28WS.10%29.aspx
0
 
hshaoCommented:
Windows 2000 and later Windows system uses 128-bit encryption. And this is the default setting.

If you do not have any domain member that is pre-Windows 2000, such as Windows 98, etc, then this policy can be enabled. For security Microsoft actually suggest this setting to be enabled if there is no legacy system used.  If however communications to other operating systems are required, this setting should be disabled.

Hope this helps!
0
 
kaos_theoryAuthor Commented:
is there a excact link on MS site for this recomendtion ?

0
 
Jason WatkinsIT Project LeaderCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.