System cryptography: Force strong key protection for user keys stored on the computer

System Cryptography: Force strong key protection for user keys stored on the computer

This security setting determines if users' private keys require a password to be used.

The options are:

User input is not required when new keys are stored and used
User is prompted when the key is first used
User must enter a password each time they use a key
For more information, see Public key infrastructure.

Default: This policy is not defined.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Comments: 

Requires reboot with CNG on Vista; Does not require reboot with CAPI on Vista; Does not require reboot on XP, 2003 with CAPI

Supported on: 

At least Windows XP SP2, Windows Server 2003

Registry settings: 

MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection

Reboot required: 

Yes

Related content