System cryptography: Force strong key protection for user keys stored on the computer
ID: oval:org.secpod.oval:def:8845 | Date: (C)2013-01-21 (M)2023-05-09
Class: COMPLIANCE | Family: windows
The System cryptography: Force strong key protection for user keys stored on the computer setting should be configured correctly.
This policy setting determines whether users' private keys (such as their S/MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password (distinct from their domain password) every time they use a key, it will be more difficult for an attacker to access locally stored keys, even an attacker who discovers logon passwords.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer
(2) KEY: HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProtection
Platform: Microsoft Windows Server 2008 R2