Group Policy Windows Server

Group Policy: System Cryptography Security Options

System cryptography is a wonderful fail-safe to protect a computer’s data, even if it falls into unauthorized users. Ensuring system cryptography settings are configured is a great way to add defense-in-depth for machines that must be used away from an organization.

Notice: Before you begin, ensure that this article is relevant to your organization and the Windows version you’re managing. This article is applicable up to Windows 20.04 and meant to remain in-line with how the group policy editor is laid-out.

The following group policy options are located in the following area: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Force strong key protection for user keys stored on the computer

Windows Description: This security setting determines if users’ private keys require a password to be used.

Recommended Configuration: User is prompted when the key is first used. or tighter configuration.

Rationale: If an account is compromised, malicious users cannot use the keys stored for the user to access the encrypted files.

Note: Microsoft does not recommend administrators install this configuration on servers. 

(adsbygoogle = window.adsbygoogle || []).push({});
Affiliate Links:

Looking to take your web browsing privacy more seriously? Use my referral link to download brave browser and start browsing without ads and trackers:

Other Articles:

Find other Windows Server Blogs here.


These configurations were established with the help from the following sources:

SANS Sample Policies: Click Here.

CIS Controls: Click Here.

Tech Republic Sample Policies: Click Here.

(adsbygoogle = window.adsbygoogle || []).push({});

One reply on “Group Policy: System Cryptography Security Options”

Hey there! I could have sworn I’ve been to this site before but after checking through some of the post I realized it’s new to me. Anyways, I’m definitely delighted I found it and I’ll be bookmarking and checking back frequently!

Leave a Reply

Your email address will not be published. Required fields are marked *