How to set the iteration count for an Active Directory account


I have a client machine and a Windows 2008R2 (KDC) server. I created an account for the client to be able to log on to the KDC server. On the client machine I specified the encryption as AES 256 and set the iteration count to 5000. How do I set the same on the KDC server, as by default it takes the value as 4096?

1

There is 1 answer

0
pras007 On

We can specify the iteration count for all AD accounts in the Windows registry, HKLM\SYSTEM\CurrentControlSet\Services\Kdc\IterationCount (DWORD), but we can't specify different values for different accounts. The registry entry will be used for AES encryption for all the ADC accounts.

Got the info here, http://blogs.technet.com/b/ad/archive/2007/11/02/server-2008-and-windows-vista-encryption-better-together.aspx
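
Added example, not part of the answer above and not Microsoft's code: a Python sketch of why the client and the KDC must use the same iteration count, using the s2kparams encoding and the PBKDF2-HMAC-SHA1 stage that RFC 3962 defines for AES Kerberos keys. The realm, account name and password are constructed sample values, and the function names are hypothetical; RFC 3962 applies a further key-derivation step after PBKDF2, so the bytes here are not the final Kerberos key.

```python
import hashlib
import hmac
import struct
from typing import Optional

DEFAULT_ITERATIONS = 4096  # RFC 3962 default; the KDC default named in the question


def encode_s2kparams(iterations: int) -> bytes:
    """RFC 3962 s2kparams: the iteration count as 4 big-endian octets."""
    if not 0 < iterations < 2**32:
        raise ValueError("iteration count must be in 1..2**32-1")
    return struct.pack(">I", iterations)


def decode_s2kparams(params: Optional[bytes]) -> int:
    """Return the iteration count a peer advertised, or the default if absent."""
    if not params:
        return DEFAULT_ITERATIONS
    if len(params) != 4:
        raise ValueError("s2kparams must be exactly 4 octets")
    (count,) = struct.unpack(">I", params)
    if count == 0:
        # RFC 3962 reads 0 as 2**32 iterations; refused here as impractical.
        raise ValueError("zero iteration count refused")
    return count


def pbkdf2_step(password: str, salt: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the AES256 string-to-key (32-byte output)."""
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt.encode("utf-8"), iterations, dklen=32
    )


def keys_agree(password: str, salt: str, client_iter: int, kdc_iter: int) -> bool:
    """True only when both sides derive the same bytes from the same password."""
    client = pbkdf2_step(password, salt, client_iter)
    kdc = pbkdf2_step(password, salt, kdc_iter)
    return hmac.compare_digest(client, kdc)


if __name__ == "__main__":
    # Constructed sample values: realm, account name and password are made up.
    salt, password = "EXAMPLE.COMclient1", "constructed-sample-password"
    print("s2kparams for 5000:", encode_s2kparams(5000).hex())
    print("client 5000 vs KDC 4096:", keys_agree(password, salt, 5000, 4096))
    print("both at 5000:", keys_agree(password, salt, 5000, 5000))
```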