Disable RC4 and enable 128- and 256-bit AES encryption for service account

Vigneshwaran M 1 Reputation point
2021-12-02T05:26:23.777+00:00

Hi,

My security team notified us that there is a vulnerability in RC4, so they identified some service accounts that need to have RC4 disabled and 128 & 256 AES encryption enabled.

So my question is: if we disable it and apply 256 & 128 AES encryption for the service accounts in the prod environment, will there be any impact? Can anybody who has gone through this explain their experience?


1 answer

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2021-12-02T10:48:14.967+00:00

    Hi,

    You can have an impact if you still have Windows 2003 or Windows XP in your environment.

    If the service account is used to generate a keytab file, you should regenerate a new version which supports AES.
    All Windows Server 2008 R2 or higher and Windows 7 or higher support AES 256 encryption.

    If you have many domains and forests with trusts, I recommend that you start by checking whether AES is enabled at the trust level before enabling it on the service account.


    Please don't forget to mark the helpful reply as the answer

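A read-only audit of the checks the answer above recommends, added here as an example and not part of the original thread: it lists the Kerberos encryption types set through `msDS-SupportedEncryptionTypes` on user accounts that carry an SPN and on the domain's trust objects. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; `svc-example` is a placeholder account name.

```powershell
# Read-only audit: nothing below changes the directory until the final,
# commented-out Set-ADUser line is deliberately enabled.
Import-Module ActiveDirectory

# Decode the msDS-SupportedEncryptionTypes bitmask into readable names.
function Get-EncTypeNames([int]$Value) {
    if ($Value -eq 0) { return 'not set (domain default applies)' }
    $names = @()
    if ($Value -band 0x1)  { $names += 'DES-CBC-CRC' }
    if ($Value -band 0x2)  { $names += 'DES-CBC-MD5' }
    if ($Value -band 0x4)  { $names += 'RC4-HMAC' }
    if ($Value -band 0x8)  { $names += 'AES128' }
    if ($Value -band 0x10) { $names += 'AES256' }
    $names -join ', '
}

# 1. Service accounts: user objects with at least one SPN.
#    PasswordLastSet matters because AES keys are only created when the
#    password is set on a domain that already supports AES.
Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
           -Properties 'msDS-SupportedEncryptionTypes', PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet,
        @{ n = 'EncTypes'
           e = { Get-EncTypeNames ([int]$_.'msDS-SupportedEncryptionTypes') } } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize

# 2. Trusts: check these before touching the accounts, as the answer advises.
Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' `
             -Properties 'msDS-SupportedEncryptionTypes', trustPartner |
    Select-Object trustPartner,
        @{ n = 'EncTypes'
           e = { Get-EncTypeNames ([int]$_.'msDS-SupportedEncryptionTypes') } } |
    Format-Table -AutoSize

# 3. The change itself, for one account at a time (placeholder name).
#    AES128 + AES256 only corresponds to the value 0x18 (24).
# Set-ADUser -Identity 'svc-example' -KerberosEncryptionType AES128, AES256
```

An account whose password was last set before the domain supported AES has no AES keys until its password is reset, so review `PasswordLastSet` before removing RC4. Any keytab exported for the account must be regenerated after that reset.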
