Problem solve Get help with specific problems with your technologies, process and projects.

Beef up RAS security

Learn how to use 128-bit encryption for RAS users.

You want your RASers to be secure? Give them 128-bit encryption.

If you have the 128-bit version of Service Pack 3 or higher, your RAS server can be configured to use it:

  1. Control Panel / Network / Services / Remote Access Service / Properties.
  2. Click Network and Require Microsoft encrypted authentication.
  3. Click Require data encryption, OK, Continue, and Close.
  4. When prompted to restart, click No.
  5. Edit HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices RasManPPPCOMPCP and Add Value name ForceStrongEncryption as a type REG_DWORD and set it to 1.
  6. Shutdown and restart.

If a RAS client supports 128-bit encrytion, the event log will contain:
Event ID: 20107
Source: RemoteAccess
Description: The user RAS connected to port COM1 using strong encryption.

If the RAS client does not support 128-bit RAS encryption, you will see the following event:
Event ID: 20077
Source: RemoteAccess
Description: An error occurred in the Point to Point Protocol module on port COM1. The remote computer does not support the required encryption type. The client will receive a message 629, indicating the that they have been disconnected.

This was last published in December 2001

Dig Deeper on Windows Server Virtualization and Microsoft Hyper-V

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.