System cryptography: Force strong key protection for user keys stored on the computerID: oval:org.secpod.oval:def:29656 | Date: (C)2015-10-14 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password distinct from their domain password every time that they use a key, then it will be more difficult for an attacker to access locally stored keys, even an attacker who discovers logon passwords.
System Cryptography: Force strong key protection for user keys stored on the computer
This security setting determines if users' private keys require a password to be used.
The options are:
User input is not required when new keys are stored and used
User is prompted when the key is first used
User must enter a password each time they use a key
For more information, see Public key infrastructure.
Default: This policy is not defined.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!System cryptography: Force strong key protection for user keys stored on the computer
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography!ForceKeyProtection
Platform: |
Microsoft Windows 8.1 |