I have a client machine and a Windows 2008R2 (KDC) server. I created an account for the client to be able to log on to the KDC server. On the client machine I specified the encryption as AES 256 and set the iteration count as 5000. How do I set the same on the KDC server, as by default it takes the value as 4096?
1 Answers
1
We can specify the iteration count for all AD accounts in the Windows registry, HKLM\SYSTEM\CurrentControlSet\Services\Kdc\IterationCount (DWORD). But we can't specify different values for different accounts. The registry entry will be used for AES encryptions for all the ADC accounts.
Got the info here, http://blogs.technet.com/b/ad/archive/2007/11/02/server-2008-and-windows-vista-encryption-better-together.aspx

pras007
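Why the two sides have to agree on the count, as an added example that is not part of the original question or answer: in RFC 3962 the iteration count travels as a 4-octet big-endian string-to-key parameter (default 00 00 10 00, i.e. 4096) and feeds PBKDF2-HMAC-SHA1, so a client deriving with 5000 and a KDC deriving with 4096 end up with different AES keys. The password and the realm-plus-username salt below are constructed sample values, and only the PBKDF2 stage is shown (the final RFC 3962 DK step needs an AES implementation and is omitted).

```python
import hashlib
import hmac
import struct

# RFC 3962 default string-to-key parameters: 00 00 10 00 -> 4096 iterations
DEFAULT_S2KPARAMS = bytes.fromhex("00001000")

# Constructed sample values (assumptions, not taken from the post)
PASSWORD = "CorrectHorse!Battery9"
SALT = "EXAMPLE.COMclient1"  # assumed salt form: REALM + user name


def iteration_count(s2kparams: bytes = DEFAULT_S2KPARAMS) -> int:
    """Decode RFC 3962 s2kparams: four octets, unsigned, big-endian."""
    if len(s2kparams) != 4:
        raise ValueError("s2kparams must be exactly 4 octets")
    (count,) = struct.unpack(">I", s2kparams)
    # An all-zero field encodes 2**32 iterations, not zero.
    return count if count else 2**32


def pbkdf2_stage(password: str, salt: str, s2kparams: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the aes256-cts-hmac-sha1-96 string-to-key.

    The real long-term key additionally applies the RFC 3962 DK() step
    to this 32-byte value; that step is omitted here.
    """
    return hashlib.pbkdf2_hmac(
        "sha1",
        password.encode("utf-8"),
        salt.encode("utf-8"),
        iteration_count(s2kparams),
        dklen=32,
    )


def keys_match(client_params: bytes, kdc_params: bytes) -> bool:
    """True when both sides derive the same intermediate key."""
    client_key = pbkdf2_stage(PASSWORD, SALT, client_params)
    kdc_key = pbkdf2_stage(PASSWORD, SALT, kdc_params)
    return hmac.compare_digest(client_key, kdc_key)


if __name__ == "__main__":
    client = struct.pack(">I", 5000)  # count configured on the client
    print("client 5000 vs KDC 4096:", keys_match(client, DEFAULT_S2KPARAMS))
    print("client 5000 vs KDC 5000:", keys_match(client, client))
```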