Solved

System Cryptography: Force strong key protection for user keys stored on the computer

Posted on 2010-11-17
4
3,273 Views
Last Modified: 2013-12-08
I am attempting to import a certificate from a website (cloud app provider) however, I cannot disable the option "Enable strong private key protection. You will be prompted every time the private key is used by an application...." which in turn forces me to enter a very obscure password.

I do not wish to have this setting checked, and I have "googled" this issue and have had many hits. So far, the only solution that I can find, is to go into the Local Security and change the folowing security policy: System Cryptography: Force strong key protection for user keys stored on the computer.

My problem is that I do not have this security entry. The closest I have is "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".

How can I find this security option and change the setting to "User input is not required when new keys are stored and used"? Is there another way to defeat the "disable" checkbox through the registry or other means?  

This is a Windows XP pc and is not part of a domain and I am logging in as the administrator.


Thank you in advance for your assistance
0
Comment
Question by:peternintzel
  • 2
4 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 34158973
I think that settign was in Windows 7 , maybe Vista..... May be able to isolate it to a reg value, but not sure if the XP OS can interpret it or simply ignores it.....
0
 

Author Comment

by:peternintzel
ID: 34163904
John6767, thank you for the expedient response. One thing that I neglected to include was that this certificate worked just fine on my previous XP system (without the grayed out option). I just recently replaced that machine (bad motherboard) with a new XP machine (Yes, a new XP machine because our software vendor has not made our software ready  for Vista/7).

0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 125 total points
ID: 34201317
this got essentially disabled a few years back. it is controlled in the registry - note this is a software force only to require this, in its current state you log in once and its cached.  if you really need it to control using a PIN each time then get a smartcard that supports that in the card's OS, not the software/middleware.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/cd74689e-8e85-456b-8473-1215749a313d
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography] -> new DWORD Value
"ForceKeyProtection"=dword:2

You might also like this one to make the PIN window active instead of gray:
HKEY_CURRENT_USER\Control Panel\Desktop
Modify: DWORD: ForegroundLockTimeout : 0x0000000
0
 

Author Closing Comment

by:peternintzel
ID: 34206841
The registry change did it... Thank you..
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Creating csr file for SSL 4 52
Which browser works with XP 16 172
Receipt Printer for web based app 3 65
Is the 2017 Annual Visitor Survey on Chrome a Virus? 11 188
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question