Beef up RAS security

Learn how to use 128-bit encryption for RAS users.

You want your RASers to be secure? Give them 128-bit encryption.

If you have the 128-bit version of Service Pack 3 or higher, your RAS server can be configured to use it:

  1. Control Panel / Network / Services / Remote Access Service / Properties.
  2. Click Network and Require Microsoft encrypted authentication.
  3. Click Require data encryption, OK, Continue, and Close.
  4. When prompted to restart, click No.
  5. Edit HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices RasManPPPCOMPCP and Add Value name ForceStrongEncryption as a type REG_DWORD and set it to 1.
  6. Shutdown and restart.

If a RAS client supports 128-bit encrytion, the event log will contain:
Event ID: 20107
Source: RemoteAccess
Description: The user RAS connected to port COM1 using strong encryption.

If the RAS client does not support 128-bit RAS encryption, you will see the following event:
Event ID: 20077
Source: RemoteAccess
Description: An error occurred in the Point to Point Protocol module on port COM1. The remote computer does not support the required encryption type. The client will receive a message 629, indicating the that they have been disconnected.

This was first published in December 2001

Dig deeper on Windows Server Virtualization and Microsoft Hyper-V



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: