This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 30%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Hello,
I'm seeking to implement AES encryption for user accounts in Active Directory. My question is whether this can be achieved through Group Policy Objects (GPOs). Based on my research, it appears that Windows Active Directory (AD) does not inherently support direct encryption of individual user accounts using GPOs.
I came across a post where a solution was provided to enable AES for user accounts, but I'm interested in establishing this configuration as a default for any newly created account. Here's the link to the post I referred to:
Could you please confirm the accuracy of my understanding?
Thank you for your assistance.
I came across these links and it helped me understand the whole AES Kerberos encryption and how to set AES_256 as default.
https://www.linkedin.com/pulse/enforcing-aes-256-bit-encryption-domain-valentin-komarovskiy-mba/
https://www.drware.com/decrypting-the-selection-of-supported-kerberos-encryption-types/
May have already happened depending on the patch level. Something here could help.
--please don't forget to upvote and Accept as answer if the reply is helpful--
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--