Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

System Cryptography: Force strong key protection for user keys stored on the computer

Posted on 2010-11-17
4
Medium Priority
?
3,581 Views
Last Modified: 2013-12-08
I am attempting to import a certificate from a website (cloud app provider) however, I cannot disable the option "Enable strong private key protection. You will be prompted every time the private key is used by an application...." which in turn forces me to enter a very obscure password.

I do not wish to have this setting checked, and I have "googled" this issue and have had many hits. So far, the only solution that I can find, is to go into the Local Security and change the folowing security policy: System Cryptography: Force strong key protection for user keys stored on the computer.

My problem is that I do not have this security entry. The closest I have is "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".

How can I find this security option and change the setting to "User input is not required when new keys are stored and used"? Is there another way to defeat the "disable" checkbox through the registry or other means?  

This is a Windows XP pc and is not part of a domain and I am logging in as the administrator.


Thank you in advance for your assistance
0
Comment
Question by:peternintzel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 34158973
I think that settign was in Windows 7 , maybe Vista..... May be able to isolate it to a reg value, but not sure if the XP OS can interpret it or simply ignores it.....
0
 

Author Comment

by:peternintzel
ID: 34163904
John6767, thank you for the expedient response. One thing that I neglected to include was that this certificate worked just fine on my previous XP system (without the grayed out option). I just recently replaced that machine (bad motherboard) with a new XP machine (Yes, a new XP machine because our software vendor has not made our software ready  for Vista/7).

0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 34201317
this got essentially disabled a few years back. it is controlled in the registry - note this is a software force only to require this, in its current state you log in once and its cached.  if you really need it to control using a PIN each time then get a smartcard that supports that in the card's OS, not the software/middleware.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/cd74689e-8e85-456b-8473-1215749a313d
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography] -> new DWORD Value
"ForceKeyProtection"=dword:2

You might also like this one to make the PIN window active instead of gray:
HKEY_CURRENT_USER\Control Panel\Desktop
Modify: DWORD: ForegroundLockTimeout : 0x0000000
0
 

Author Closing Comment

by:peternintzel
ID: 34206841
The registry change did it... Thank you..
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question