This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password 'distinct from their domain password' every time that they use a key, then it will be more difficult for an attacker to access locally stored keys, even an attacker who discovers logon passwords. This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!System cryptography: Force strong key protection for user keys stored on the computer (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography!ForceKeyProtection