1. Windows Server 12 Essentials Videos
  2. Windows 10 Free Serial Key
ProduKey v1.93 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.
Copyright (c) 2005 - 2018 Nir Sofer

Locate the Windows Server product key in the Software Licenses area of the results that Belarc displays, which you may have noticed is inside a browser window. Your Windows Server key will be a 25-character, alphanumeric code, in 5 sections of 5 characters, as in xxxxx-xxxxx-xxxxx-xxxxx-xxxxx. Buy Genuine Serial Numbers and Licence Keys for the latest Anti Virus Software, Firewall Software, OS Software, and more! Order now at an Unbeatable Price! Windows 10 Pro Retail Key + Office Professional Plus 2016 Key (Value Package) 7 Review(s) Regular Price: $599.99. I have recently installed Windows Server 2012 Release Candidate Datacenter, with no issues. The default key that comes on the ISO works fine for me. The thing is, the WIM on the ISO contains 4 products. Windows Server 2008 KMS and Evaluation Product Keys. Guide Microsoft News Product Keys Serial Keys Windows. Thanks for Eval key, I was using Windows server.

Related Links

  • Recover lost CD keys for Windows and 9000+ major programs - including products of Adobe, Symantec, Autodesk, and more..
  • NK2Edit - Edit, merge and fix the AutoComplete files (.NK2) of Microsoft Outlook.
  • FileTypesMan - Alternative to 'File Types' manager of Windows.
  • UninstallView - Alternative to the software uninstaller of Windows.

Description

ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003, Microsoft Office 2007),Windows (Including Windows 8/7/Vista), Exchange Server, and SQL Server installed on your computer.You can view this information for your current running operating system, or for anotheroperating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office, and you wantto reinstall it on your computer.

Versions History

  • Version 1.93
    • Added 'Office Product Name Extraction Mode' option, which controls the way that the product name of MS-Office is extarcted from the Registry:
      'Prefer the product name from Uninstall Registry key' - ProduKey tries to extract the product name from the Uninstall Registry entry, like it did until version 1.85
      'Prefer the product name from Office Registry key' - ProduKey first tries to extract the product name from 'ProductNameNonQualified' and 'ConvertToEdition' Registry values, like it did starting from version 1.86
  • Version 1.92
    • Added 'Build Number' column (For Windows entries only).
  • Version 1.91
    • When loading product keys from remote computer or external drive, the name of the computer or external path is now displayed in the window title.
  • Version 1.90
    • When the 'Temporarily start the remote registry service on the remote computer' option is turned on, ProduKeynow starts the Remote Registry service even if it's disabled.
  • Version 1.88
    • Added 'Save All Items' option.
  • Version 1.87
    • Fixed to display Office version if the product name is not stored in the Registry.
  • Version 1.86
    • Fixed bug: ProduKey displayed wrong product name of Microsoft Office taken from another Registry key.
  • Version 1.85
    • Added 'Auto Size Columns+Headers' option.
    • Added 'Auto Size Columns On Load' option.
  • Version 1.83
    • Added support for SQL Server 2012/2014.
  • Version 1.82
    • Added 'Run As Administrator' option (Ctrl+F11), which is needed to get a product key from external drive on Windows Vista and later.
  • Version 1.81
    • You can now export the product keys list to JSON file.
  • Version 1.80
    • Added option to temporarily start the remote registry service on the remote computer (For reading the product keys from the Registry on the remote computer).
  • Version 1.75
    • Added support for some Adobe and Autodesk products.
  • Version 1.70
    • Added support for BIOS OEM Key (Windows 8).
  • Version 1.67
    • The DefaultProductKey Registry key support added on v1.61 is now turned off by default (You can turn it on with 'Load Default Product Key' option).
  • Version 1.66
    • Added /NoErrorMessage command-line option. If you specify it with a save command-line option, an error messagewon't be displayed if the save action is failed. Instead, the error code will be returned to the caller.
  • Version 1.65
    • Added support for Visual Studio.
  • Version 1.62
    • Fixed bug from v1.61: ProduKey crashed in some systems.
  • Version 1.61
    • ProduKey now tries to extract the key from DefaultProductKey Registry key if the product key cannot be found in the standard location of Windows 7 product key.
  • Version 1.60
    • Added support for SQL Server 2008.
  • Version 1.56
    • Fixed a bug with the 'N' character location on the product key of Windows 8.
  • Version 1.55
    • Fixed ProduKey to decode properly the product key of Windows 8.
  • Version 1.54
    • Fixed issue: The properties and 'Select Source' windows opened in the wrong monitor, on multi-monitors system.
  • Version 1.53
    • Fixed bug: ProduKey displayed wrong product name string for Exchange Server 2003.
  • Version 1.52
    • Decreased the height of the 'Select Source' window to fit the netbook screen size of 1024x600.
  • Version 1.51
    • Added 'Show Time In GMT' option.
    • Added 'Mark Odd/Even Rows' option, under the View menu. When it's turned on, the odd and even rows are displayed in different color, to make it easier to read a single line.
  • Version 1.50
    • Added 'Show the computer name for every IP address' option.This option is useful when you scan a range of IP addresses, and you want to view the computer nameof every IP address. Be aware that the computer names will appear a few seconds after finishing to scan the product keys.
  • Version 1.46
    • Added accelerator keys for 'Copy Product ID' (Ctrl+I) and for 'Copy Product Key' (Ctrl+K).
  • Version 1.45
    • Added 'Add Header Line To CSV/Tab-Delimited File' option. When this option is turned on, the column names are addedas the first line when you export to csv or tab-delimited file.
  • Version 1.43
    • When the product key is not stored in the Registry (like in volume licenses of Windows 7), ProduKey will display 'Product key was not found' instead of wrong 'BBBBB-BBBBB-BBBBB-BBBBB-BBBBB' key
  • Version 1.42
    • Added 'Copy Product ID' and 'Copy Product Key' options.
  • Version 1.41
    • Added /ExtractEdition command-line option.
  • Version 1.40
    • Fixed ProduKey to display the right product key of Microsoft Office 2010 Beta (Office 14)
  • Version 1.38
    • Added sorting options from command-line.
  • Version 1.37
    • Fixed issue with x64 systems - The 32-bit version of ProduKey can now also retrievethe product key when you run it on x64 system.
  • Version 1.36
    • Added command-line options to control which types of product keys will be shown. (/WindowsKeys, /OfficeKeys, and others)
  • Version 1.35
    • New option: Load the product keys of external Windows installations from all disks currently plugged to your computer.When using this option, ProduKey automatically scan all your hard-drives, find the Windows installation folder in them, and extract all product keys stored in these Windows installations.
    • New Command-Line Option: /external
  • Version 1.33
    • Fixed bug: In 'Select Source' dialog-box, a disk drive error message displayed in some computers.
    • Added AutoComplete to Windows directoried combo-box.
  • Version 1.32
    • You can now send the information to stdout by specifying an empty filename (') in the command-line. (For example: produkey.exe /stab ' >> c:tempprd.txt)
  • Version 1.31
    • Added the last modified time of the ProductID Registry key.
  • Version 1.30
    • New option: display the edition (Standard/Professional/Enterprise) of Windows 2000/XP/2003. (doesn't work for remote computers)
    • Added AutoComplete for file selection.
    • Fixed bug: The main window lost the focus when the user switched to another application and then returned back to ProduKey.
  • Version 1.26
    • Added support for saving comma-delimited (.csv) files.
    • Added new command-line option: /scomma
  • Version 1.25
    • Added new source option: Load the product keys from all computers in the specified IP addresses range.
    • New command-line option: /iprange
    • New option: Check every remote machine with ping before trying to connect. (Only for Windows 2000 or above)
  • Version 1.20
    • Added 'Select Source' (F9) option - user interface for loading the product keys from remote computers or from external drive.
  • Version 1.15
    • Added 'Service Pack' column (Only for Windows entries)
    • Added 'Installation Folder' column (Only for Windows and Office entries)
  • Version 1.10 - Added filters by product type.
  • Version 1.08 - The configuration of ProduKey is now saved to a file instead of the Registry.
  • Version 1.07
    • Added support for product key of Ms-Office under x64, when it's retrieved from external Registry file.
    • Added x64 build - for locally retrieving product keys of x64 versions of Windows.
  • Version 1.06 - Added support for SQL Server 2005.
  • Version 1.05
    • Display information in the status bar while scanning computers with /remoteall and /remotefile options
    • New option /remotealldomain - scan all computers in the specified domain.
    • Changes in the way that /remoteall scan all computers.
  • Version 1.04 - Added product key of Exchange Server.
  • Version 1.03 - new command-line option: /remoteall
  • Version 1.02 - On newer versions of Office (XP/2003) - display the real product name, if it's written in the Registry.
  • Version 1.01 - Added support for XP visual style.
  • Version 1.00 - First release.

Known Problems

  • When running produkey.exe, Some Antivirus programs displays an alert and/or block you from running it.Click here to read more about false alerts in Antivirus programs
    If your Antivirus software shows a false alert, you can use the following article that explains how to send a report about a false positive issue to your Antivirus company:
    How to Report Malware or False Positives to Multiple Antivirus Vendors
  • For some types of license keys under Windows 7/8/2008, the product key is not stored in the Registry, and thus 'Product key was not found' message will be displayed.
  • If you bought your computer with installed operating system, you may find the Windows product key appeared in ProduKey utility is different from the product key on your Windows CD. This problem is mostly reported with Dell computers.
  • From unknown reason, the product key of Visual Stuido .NET is written in the Registry as Office XP product..
  • In old versions of Office (Office 2000 and below), the 'Product Key' value is not available.

Supported Products List

  • Microsoft Windows 98/ME
  • Microsoft Windows 2000
  • Microsoft Windows NT
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows 7 (Doesn't work with Microsoft Volume Licensing)
  • Microsoft Windows 8 (Doesn't work with Microsoft Volume Licensing)
  • Microsoft Windows 10 (Doesn't work with all types of licenses)
  • Microsoft Office 2000 (Only ProductID is displayed)
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2005
  • Microsoft Exchange Server 2000
  • Microsoft Exchange Server 2003
  • Visual Studio
  • Some of the Adobe and Autodesk products.

System Requirements

ProduKey works on all versions of Windows. Both 32-bit and 64-bit systems are supported. However, some features, like viewing theproduct keys of another operating system instance, are only supported on Windows 2000/XP/2003/2008/Vista/7/8.

License

This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this and you don'tsell it or distribute it as a part of commercial product. If you distribute this utility, you must include all files inthe distribution package, without any modification !

Disclaimer

The software is provided 'AS IS' without any warranty, either expressed or implied,including, but not limited to, the implied warranties of merchantability and fitnessfor a particular purpose. The author will not be liable for any special, incidental,consequential or indirect damages due to loss of data or any other reason.

Using ProduKey

ProduKey doesn't requite any installation process or additional DLLs. In order to start using it, simply extract the files to any folder you like, and then run the executable file - produkey.exe
If you want, you can also download ProduKey with full install/uninstall support (produkey_setup.exe), and then install it like any other software.
The main window of ProduKey displays the list of Windows, Office, and SQL Server products installed on your system.For each product, the 'Product ID' and 'Product Key' are displayed.If you want the view the product key information in another computer, or in another operating system within the same computer, use the command-line options below.

Command-Line Options

Examples:
produkey.exe /shtml 'f:tempkeys.html' /sort 2 /sort ~1
produkey.exe /shtml 'f:tempkeys.html' /sort 'Product Name' /sort 'Product Key'

/remotealldomain [Domain Name]Enumerate all computers in the specified domain, and load the product key information from them.
/iprange [From IP] [To IP]Load product key information from all computers in the specified IP addresses range.In order to use this option, you must have Administrator privileges in all these computers.
/windir [Windows Directory]Load product key information from another operating system on the same computer.The [Windows Directory] specifies the base folder of Windows installation, for example:c:windows, c:winnt

This feature is only supported on Windows 2000/XP/2003/2008/Vista/7.

/regfile [Software Registry File]Load product key information from another operating system on the same computer.The [Software Registry File] specifies the software registry file usually located underc:windowssystem32config

This feature is only supported on Windows 2000 or greater.

/WindowsKeys [0 1]Specifies whether you want to view the product keys of Windows. 0 = No, 1 = Yes.
/IEKeys [0 1]Specifies whether you want to view the product keys of Internet Explorer. 0 = No, 1 = Yes.
/ExchangeKeys [0 1]Specifies whether you want to view the product keys of Exchange. 0 = No, 1 = Yes.
/stab <Filename>Save the list of product keys into a tab-delimited text file.
/stabular <Filename>Save the list of product keys into a tabular text file.
/sverhtml <Filename>Save the list of product keys into vertical HTML file.
/sjson <Filename>Save the list of product keys into JSON file.
/NoErrorMessageWhen you specify it, ProduKey will not display an error message if the save action is failed.

Examples:
produkey.exe /remote Server01
produkey.exe /remotefile 'c:tempcomputers.txt'
produkey.exe /regfile 'F:WINNTsystem32configsoftware'
produkey.exe /windir 'c:winnt' /shtml 'c:temppk.html'
produkey.exe /remoteall
produkey.exe /remotealldomain MyDomain
produkey.exe /iprange 192.168.1.10 192.168.1.50
produkey.exe /stab ' >> c:tempprd.txt
produkey.exe /OfficeKeys 0 /WindowsKeys 1 /shtml f:tempkeys.html

Translating ProduKey to other languages

In order to translate ProduKey to other language, follow the instructions below:
  1. Run ProduKey with /savelangfile parameter:
    ProduKey.exe /savelangfile
    A file named ProduKey_lng.ini will be created in the folder of ProduKey utility.
  2. Open the created language file in Notepad or in any other text editor.
  3. Translate all string entries to the desired language.Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
  4. After you finish the translation, Run ProduKey, and all translated strings will be loaded from the language file.
    If you want to run ProduKey without the translation, simply rename the language file, or move it to another folder.

Feedback

If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com
Download ProduKey (In Zip file)
Download ProduKey for x64
Download ProduKey with full install/uninstall support
Recover keys of other non-Windows products

ProduKey is also available in other languages. In order to change the language of ProduKey, download the appropriate language zip file, extract the 'produkey_lng.ini', and put it in the same folder that you Installed ProduKey utility.

LanguageTranslated ByDateVersion
ArabicAbu Rehaam23/01/20191.93
AzerbaijaniAnguerde02/03/20181.90
Bahasa IndonesiaAgus Nurliawan14/09/2007
BelarussianAgnessa Petrova19/02/20181.90
Brazilian PortugueseToni Leandro (MDM-MG Brazil)01/03/2018
Brazilian PortuguesePaulo Neto08/01/2016
Brazilian PortuguesePaulo Guzmán12/08/20181.93
BulgarianHristo Drumev29/10/2007
CatalanJottunheim22/10/2018
CzechJulius Faltus (v.1.66)30/07/2014
CzechAnders19/07/2010
DanishClaus Svalekjaer18/09/20161.85
DutchJan Verheijen13/06/20181.93
DutchJan Verheijen18/09/20091.37
EstonianToomas Tomberg18/12/2009
FinnishTurveperse10/02/2006
FrenchSkorpix38 (oct 2016)31/10/20161.87 (oct 2016)
FrenchDominic Desbiens/Largo13/06/2018
FrenchAgent 4613/12/2017
GalicianXosé Antón Vicente Rodríguez11/05/2005
German«Latino» auf WinTotal.de13/06/20181.93
Greekgeogeo.gr10/12/20171.91
Hangulsinooki05/09/20131.65
Hebrew15/09/2006
HungarianTamás Ferenc15/06/20161.83
ItalianAndrea Carli13/06/20181.93
ItalianAlessandro Viscone21/04/2018
ItalianMassi05/07/20151.75
JapaneseKumarinecity07/12/2015
Koreancirclash14/05/20111.51
LatvianRalf Yu06/03/2008
LithuanianIgor Gubaidulin a.k.a. MucTuK16/06/2006
MongolianA.Tsend-Ayush29/07/2006
Norwegian Oeyvind Instefjord11/06/2015
PersianMustapha Ramezanpour19/08/2006
PersianNAHCI 1301/09/2007
PolishHightower14/06/20181.93
PortugueseFilipe 'Pollux' Baeta01/09/2017
Portuguese BrazilMark Nascimento - Bambuí02/06/2005
RomanianJaff (Oprea Nicolae)01/02/20161.83
Russianselkv && Habetdin13/07/20101.42
RussianWinAddon Project13/04/20171.90
Simplified Chinese小程93615/09/2017
Simplified Chineselocationiskey17/04/2017
SlovakFrantišek Fico18/06/20181.93
SlovenianJadran Rudec28/11/2005
SpanishJose Antonio Alvarez Dominguez16/03/2016
SwedishI.K.l06/02/20181.92
Taiwanese臺灣共和國23/03/2008
Traditional ChineseDanfong Hsieh13/06/2018
Traditional Chinese丹楓(虫二電氣診所)17/04/2012
Thaiประสิทธิ์ แคภูเขียว25/03/2008
TurkishHARUN ARI04/08/20111.53
TurkishCemil Kaynar11/11/20161.87
UkrainianYurii Petrashko (aka YuriPet)12/05/20111.46
Valencianvjatv04/10/2007

Windows Server 12 Essentials Videos

-->

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows 10

This reference topic for the IT professional contains supported registry setting information for the Windows implementation of the Transport Layer Security (TLS) protocol and the Secure Sockets Layer (SSL) protocol through the Schannel Security Support Provider (SSP).The registry subkeys and entries covered in this topic help you administer and troubleshoot the Schannel SSP, specifically the TLS and SSL protocols.

Caution

This information is provided as a reference to use when you are troubleshooting or verifying that the required settings are applied.We recommend that you do not directly edit the registry unless there is no other alternative.Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied.As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system.When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks.If you must edit the registry, use extreme caution.

CertificateMappingMethods

This entry does not exist in the registry by default.The default value is that all four certificate mapping methods, listed below, are supported.

When a server application requires client authentication, Schannel automatically attempts to map the certificate that is supplied by the client computer to a user account.You can authenticate users who sign in with a client certificate by creating mappings, which relate the certificate information to a Windows user account.After you create and enable a certificate mapping, each time a client presents a client certificate, your server application automatically associates that user with the appropriate Windows user account.

In most cases, a certificate is mapped to a user account in one of two ways:

  • A single certificate is mapped to a single user account (one-to-one mapping).
  • Multiple certificates are mapped to one user account (many-to-one mapping).

By default, the Schannel provider will use the following four certificate mapping methods, listed in order of preference:

  1. Kerberos service-for-user (S4U) certificate mapping
  2. User principal name mapping
  3. One-to-one mapping (also known as subject/issuer mapping)
  4. Many-to-one mapping

Applicable versions: As designated in the Applies To list that is at the beginning of this topic.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

Windows Server 12 Serial Key

Ciphers

TLS/SSL ciphers should be controlled by configuring the cipher suite order. For details, see Configuring TLS Cipher Suite Order.

For information about default cipher suites order that are used by the Schannel SSP, see Cipher Suites in TLS/SSL (Schannel SSP).

CipherSuites

Configuring TLS/SSL cipher suites should be done using group policy, MDM or PowerShell, see Configuring TLS Cipher Suite Order for details.

For information about default cipher suites order that are used by the Schannel SSP, see Cipher Suites in TLS/SSL (Schannel SSP).

ClientCacheTime

This entry controls the amount of time that the operating system takes in milliseconds to expire client-side cache entries.A value of 0 turns off secure-connection caching.This entry does not exist in the registry by default.

The first time a client connects to a server through the Schannel SSP, a full TLS/SSL handshake is performed.When this is complete, the master secret, cipher suite, and certificates are stored in the session cache on the respective client and server.

Beginning with Windows Server 2008 and Windows Vista, the default client cache time is 10 hours.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

Default client cache time

EnableOcspStaplingForSni

Online Certificate Status Protocol (OCSP) stapling enables a web server, such as Internet Information Services (IIS), to provide the current revocation status of a server certificate when it sends the server certificate to a client during the TLS handshake.This feature reduces the load on OCSP servers because the web server can cache the current OCSP status of the server certificate and send it to multiple web clients.Without this feature, each web client would try to retrieve the current OCSP status of the server certificate from the OCSP server.This would generate a high load on that OCSP server.

In addition to IIS, web services over http.sys can also benefit from this setting, including Active Directory Federation Services (AD FS) and Web Application Proxy (WAP).

By default, OCSP support is enabled for IIS websites that have a simple secure (SSL/TLS) binding.However, this support is not enabled by default if the IIS website is using either or both of the following types of secure (SSL/TLS) bindings:

  • Require Server Name Indication
  • Use Centralized Certificate Store

In this case, the server hello response during the TLS handshake won't include an OCSP stapled status by default.This behavior improves performance: The Windows OCSP stapling implementation scales to hundreds of server certificates.Because SNI and CCS enable IIS to scale to thousands of websites that potentially have thousands of server certificates, setting this behavior to be enabled by default may cause performance issues.

Applicable versions: All versions beginning with Windows Server 2012 and Windows 8.

Registry path: [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL]

Add the following key:

'EnableOcspStaplingForSni'=dword:00000001

To disable, set the DWORD value to 0:

'EnableOcspStaplingForSni'=dword:00000000

Note

Enabling this registry key has a potential performance impact.

FIPSAlgorithmPolicy

This entry controls Federal Information Processing (FIPS) compliance.The default is 0.

Windows 10 Free Serial Key

Applicable versions: All versions beginning with Windows Server 2012 and Windows 8.

Registry path: HKLM SYSTEMCurrentControlSetControlLSA

Windows Server FIPS cipher suites: See Supported Cipher Suites and Protocols in the Schannel SSP.

Hashes

TLS/SSL hash algorithms should be controlled by configuring the cipher suite order.See Configuring TLS Cipher Suite Order for details.

IssuerCacheSize

This entry controls the size of the issuer cache, and it is used with issuer mapping.The Schannel SSP attempts to map all of the issuers in the client’s certificate chain—not only the direct issuer of the client certificate.When the issuers do not map to an account, which is the typical case, the server might attempt to map the same issuer name repeatedly, hundreds of times per second.

To prevent this, the server has a negative cache, so if an issuer name does not map to an account, it is added to the cache and the Schannel SSP will not attempt to map the issuer name again until the cache entry expires.This registry entry specifies the cache size.This entry does not exist in the registry by default.The default value is 100.

Applicable versions: All versions beginning with Windows Server 2008 and Windows Vista.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

IssuerCacheTime

This entry controls the length of the cache timeout interval in milliseconds.The Schannel SSP attempts to map all of the issuers in the client’s certificate chain—not only the direct issuer of the client certificate.In the case where the issuers do not map to an account, which is the typical case, the server might attempt to map the same issuer name repeatedly, hundreds of times per second.

To prevent this, the server has a negative cache, so if an issuer name does not map to an account, it is added to the cache and the Schannel SSP will not attempt to map the issuer name again until the cache entry expires.This cache is kept for performance reasons, so that the system does not continue trying to map the same issuers.This entry does not exist in the registry by default.The default value is 10 minutes.

Applicable versions: All versions beginning with Windows Server 2008 and Windows Vista.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

KeyExchangeAlgorithm - Client RSA key sizes

This entry controls the client RSA key sizes.

Use of key exchange algorithms should be controlled by configuring the cipher suite order.

Added in Windows 10, version 1507 and Windows Server 2016.

Registry path: HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithmsPKCS

To specify a minimum supported range of RSA key bit length for the TLS client, create a ClientMinKeyBitLength entry.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to the desired bit length.If not configured, 1024 bits will be the minimum.

To specify a maximum supported range of RSA key bit length for the TLS client, create a ClientMaxKeyBitLength entry.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to the desired bit length.If not configured, then a maximum is not enforced.

KeyExchangeAlgorithm - Diffie-Hellman key sizes

This entry controls the Diffie-Hellman key sizes.

Use of key exchange algorithms should be controlled by configuring the cipher suite order.

Added in Windows 10, version 1507 and Windows Server 2016.

Registry path: HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithmsDiffie-Hellman

To specify a minimum supported range of Diffie-Helman key bit length for the TLS client, create a ClientMinKeyBitLength entry.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to the desired bit length.If not configured, 1024 bits will be the minimum.

To specify a maximum supported range of Diffie-Helman key bit length for the TLS client, create a ClientMaxKeyBitLength entry.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to the desired bit length.If not configured, then a maximum is not enforced.

To specify the Diffie-Helman key bit length for the TLS server default, create a ServerMinKeyBitLength entry.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to the desired bit length.If not configured, 2048 bits will be the default.

MaximumCacheSize

This entry controls the maximum number of cache elements.Setting MaximumCacheSize to 0 disables the server-side session cache and prevents reconnection.Increasing MaximumCacheSize above the default values causes Lsass.exe to consume additional memory.Each session-cache element typically requires 2 to 4 KB of memory.This entry does not exist in the registry by default.The default value is 20,000 elements.

Applicable versions: All versions beginning with Windows Server 2008 and Windows Vista.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

Messaging – fragment parsing

This entry controls the maximum allowed size of fragmented TLS handshake messages that will be accepted.Messages larger than the allowed size will not be accepted and the TLS handshake will fail.These entries do not exist in the registry by default.

When you set the value to 0x0, fragmented messages are not processed and will cause the TLS handshake to fail.This makes TLS clients or servers on the current machine non-compliant with the TLS RFCs.

The maximum allowed size can be increased up to 2^24-1 bytes.Allowing a client or server to read and store large amounts of unverified data from the network is not a good idea and will consume additional memory for each security context.

Added in Windows 7 and Windows Server 2008 R2.An update that enables Internet Explorer in Windows XP, in Windows Vista, or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available.

Registry path: HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELMessaging

To specify a maximum allowed size of fragmented TLS handshake messages that the TLS client will accept, create a MessageLimitClient entry.After you have created the entry, change the DWORD value to the desired bit length.If not configured, the default value will be 0x8000 bytes.

To specify a maximum allowed size of fragmented TLS handshake messages that the TLS server will accept when there is no client authentication, create a MessageLimitServer entry.After you have created the entry, change the DWORD value to the desired bit length.If not configured, the default value will be 0x4000 bytes.

To specify a maximum allowed size of fragmented TLS handshake messages that the TLS server will accept when there is client authentication, create a MessageLimitServerClientAuth entry.After you have created the entry, change the DWORD value to the desired bit length.If not configured, the default value will be 0x8000 bytes.

SendTrustedIssuerList

This entry controls the flag that is used when the list of trusted issuers is sent.In the case of servers that trust hundreds of certification authorities for client authentication, there are too many issuers for the server to be able to send them all to the client computer when requesting client authentication.In this situation, this registry key can be set, and instead of sending a partial list, the Schannel SSP will not send any list to the client.

Not sending a list of trusted issuers might impact what the client sends when it is asked for a client certificate.For example, when Internet Explorer receives a request for client authentication, it only displays the client certificates that chain up to one of the certification authorities that is sent by the server.If the server did not send a list, Internet Explorer displays all of the client certificates that are installed on the client.

This behavior might be desirable.For example, when PKI environments include cross certificates, the client and server certificates will not have the same root CA; therefore, Internet Explorer cannot chose a certificate that chains up to one of the server’s CAs.By configuring the server to not send a trusted issuer list, Internet Explorer will send all its certificates.

This entry does not exist in the registry by default.

Default Send Trusted Issuer List behavior

Windows server 12 administracion de equipos
Windows versionTime
Windows Server 2012 and Windows 8 and laterFALSE
Windows Server 2008 R2 and Windows 7 and earlierTRUE

Applicable versions: All versions beginning with Windows Server 2008 and Windows Vista.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

ServerCacheTime

This entry controls the amount of time in milliseconds that the operating system takes to expire server-side cache entries.A value of 0 disables the server-side session cache and prevents reconnection.Increasing ServerCacheTime above the default values causes Lsass.exe to consume additional memory.Each session cache element typically requires 2 to 4 KB of memory.This entry does not exist in the registry by default.

Applicable versions: All versions beginning with Windows Server 2008 and Windows Vista.

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL

Default server cache time: 10 hours

SSL 2.0

This subkey controls the use of SSL 2.0.

Beginning with Windows 10, version 1607 and Windows Server 2016, SSL 2.0 has been removed and is no longer supported.For a SSL 2.0 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the SSL 2.0 protocol, create an Enabled entry in either the Client or Server subkey, as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

SSL 2.0 subkey table

SubkeyDescription
ClientControls the use of SSL 2.0 on the SSL client.
ServerControls the use of SSL 2.0 on the SSL server.

To disable SSL 2.0 for client or server, change the DWORD value to 0.If an SSPI app requests to use SSL 2.0, it will be denied.

To disable SSL 2.0 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explcitly requests to use SSL 2.0, it may be negotiated.

The following example shows SSL 2.0 disabled in the registry:

SSL 3.0

This subkey controls the use of SSL 3.0.

Beginning with Windows 10, version 1607 and Windows Server 2016, SSL 3.0 has been disabled by default.For SSL 3.0 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the SSL 3.0 protocol, create an Enabled entry in either the Client or Server subkey, as described in the following table.
This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

SSL 3.0 subkey table

SubkeyDescription
ClientControls the use of SSL 3.0 on the SSL client.
ServerControls the use of SSL 3.0 on the SSL server.

To disable SSL 3.0 for client or server, change the DWORD value to 0.If an SSPI app requests to use SSL 3.0, it will be denied.

To disable SSL 3.0 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use SSL 3.0, it may be negotiated.

The following example shows SSL 3.0 disabled in the registry:

TLS 1.0

This subkey controls the use of TLS 1.0.

For TLS 1.0 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the TLS 1.0 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

TLS 1.0 subkey table

SubkeyDescription
ClientControls the use of TLS 1.0 on the TLS client.
ServerControls the use of TLS 1.0 on the TLS server.

To disable TLS 1.0 for client or server, change the DWORD value to 0.If an SSPI app requests to use TLS 1.0, it will be denied.

To disable TLS 1.0 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use TLS 1.0, it may be negotiated.

The following example shows TLS 1.0 disabled in the registry:

TLS 1.1

This subkey controls the use of TLS 1.1.

For TLS 1.1 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols How to bypass sims 4 serial key.

To enable the TLS 1.1 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

TLS 1.1 subkey table

SubkeyDescription
ClientControls the use of TLS 1.1 on the TLS client.
ServerControls the use of TLS 1.1 on the TLS server.

To disable TLS 1.1 for client or server, change the DWORD value to 0.If an SSPI app requests to use TLS 1.1, it will be denied.

To disable TLS 1.1 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use TLS 1.1, it may be negotiated.

The following example shows TLS 1.1 disabled in the registry:

TLS 1.2

This subkey controls the use of TLS 1.2.

For TLS 1.2 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the TLS 1.2 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

The sims 3 key generator. The keys are all safe to use and can be redeemed directly through your Steam Account.

TLS 1.2 subkey table

SubkeyDescription
ClientControls the use of TLS 1.2 on the TLS client.
ServerControls the use of TLS 1.2 on the TLS server.

To disable TLS 1.2 for client or server, change the DWORD value to 0.If an SSPI app requests to use TLS 1.2, it will be denied.

To disable TLS 1.2 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use TLS 1.2, it may be negotiated.

The following example shows TLS 1.2 disabled in the registry:

DTLS 1.0

This subkey controls the use of DTLS 1.0.

For DTLS 1.0 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the DTLS 1.0 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

DTLS 1.0 subkey table

SubkeyDescription
ClientControls the use of DTLS 1.0 on the DTLS client.
ServerControls the use of DTLS 1.0 on the DTLS server.

To disable DTLS 1.0 for client or server, change the DWORD value to 0.If an SSPI app requests to use DTLS 1.0, it will be denied.

To disable DTLS 1.0 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use DTLS 1.0, it may be negotiated.

The following example shows DTLS 1.0 disabled in the registry:

DTLS 1.2

This subkey controls the use of DTLS 1.2.

For DTLS 1.2 default settings, see Protocols in the TLS/SSL (Schannel SSP).

Registry path: HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

To enable the DTLS 1.2 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table.This entry does not exist in the registry by default.After you have created the entry, change the DWORD value to 1.

DTLS 1.2 subkey table

SubkeyDescription
ClientControls the use of DTLS 1.2 on the DTLS client.
ServerControls the use of DTLS 1.2 on the DTLS server.

To disable DTLS 1.2 for client or server, change the DWORD value to 0.If an SSPI app requests to use DTLS 1.0, it will be denied.

To disable DTLS 1.2 by default, create a DisabledByDefault entry and change the DWORD value to 1.If an SSPI app explicitly requests to use DTLS 1.2, it may be negotiated.

The following example shows DTLS 1.1 disabled in the registry: