System cryptography is a wonderful fail-safe to protect a computer’s data, even if it falls into unauthorized users. Ensuring system cryptography settings are configured is a great way to add defense-in-depth for machines that must be used away from an organization.
Notice: Before you begin, ensure that this article is relevant to your organization and the Windows version you’re managing. This article is applicable up to Windows 20.04 and meant to remain in-line with how the group policy editor is laid-out.
The following group policy options are located in the following area: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
Force strong key protection for user keys stored on the computer
Windows Description: This security setting determines if users’ private keys require a password to be used.
Recommended Configuration: User is prompted when the key is first used. or tighter configuration.
Rationale: If an account is compromised, malicious users cannot use the keys stored for the user to access the encrypted files.
Note: Microsoft does not recommend administrators install this configuration on servers.
Looking to take your web browsing privacy more seriously? Use my referral link to download brave browser and start browsing without ads and trackers: