Solved

System Cryptography: Force strong key protection for user keys stored on the computer

Posted on 2010-11-17
4
3,221 Views
Last Modified: 2013-12-08
I am attempting to import a certificate from a website (cloud app provider) however, I cannot disable the option "Enable strong private key protection. You will be prompted every time the private key is used by an application...." which in turn forces me to enter a very obscure password.

I do not wish to have this setting checked, and I have "googled" this issue and have had many hits. So far, the only solution that I can find, is to go into the Local Security and change the folowing security policy: System Cryptography: Force strong key protection for user keys stored on the computer.

My problem is that I do not have this security entry. The closest I have is "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".

How can I find this security option and change the setting to "User input is not required when new keys are stored and used"? Is there another way to defeat the "disable" checkbox through the registry or other means?  

This is a Windows XP pc and is not part of a domain and I am logging in as the administrator.


Thank you in advance for your assistance
0
Comment
Question by:peternintzel
  • 2
4 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 34158973
I think that settign was in Windows 7 , maybe Vista..... May be able to isolate it to a reg value, but not sure if the XP OS can interpret it or simply ignores it.....
0
 

Author Comment

by:peternintzel
ID: 34163904
John6767, thank you for the expedient response. One thing that I neglected to include was that this certificate worked just fine on my previous XP system (without the grayed out option). I just recently replaced that machine (bad motherboard) with a new XP machine (Yes, a new XP machine because our software vendor has not made our software ready  for Vista/7).

0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 125 total points
ID: 34201317
this got essentially disabled a few years back. it is controlled in the registry - note this is a software force only to require this, in its current state you log in once and its cached.  if you really need it to control using a PIN each time then get a smartcard that supports that in the card's OS, not the software/middleware.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/cd74689e-8e85-456b-8473-1215749a313d
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography] -> new DWORD Value
"ForceKeyProtection"=dword:2

You might also like this one to make the PIN window active instead of gray:
HKEY_CURRENT_USER\Control Panel\Desktop
Modify: DWORD: ForegroundLockTimeout : 0x0000000
0
 

Author Closing Comment

by:peternintzel
ID: 34206841
The registry change did it... Thank you..
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now