![]() Default values are also listed on the policy’s property page. The following table lists the actual and effective default policy values. LocationĬomputer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ Default values ![]() Note: Do not enable this policy setting unless business requirements outweigh the need to protect password information. This setting presents a security risk when you apply the setting by using Group Policy on a user-by-user basis because it requires opening the appropriate user account object in Active Directory Users and Computers. If you use CHAP through remote access or IAS, or Digest Authentication in IIS, you must set this value to Enabled. ![]() Set the value for Store password using reversible encryption to Disabled. Information Services (IIS) also requires that you enable this policy setting. CHAP is an authentication protocol that is used by remote access and network connections. If you use the Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS), you must enable this policy setting. For this reason, never enable Store password using reversible encryption for all users in the domain unless application requirements outweigh the need to protect password information. A knowledgeable attacker who is able to break this encryption can then sign in to network resources by using the compromised account. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. ![]() The Store password using reversible encryption policy setting provides support for applications that use protocols that require the user's password for authentication. Describes the best practices, location, values, and security considerations for the Store passwords using reversible encryption security policy setting. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |