This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password distinct from their domain password every time that they use a key, then it will be more difficult for an attacker to access locally stored keys, even an attacker who discovers logon passwords. System Cryptography: Force strong key protection for user keys stored on the computer This security setting determines if users' private keys require a password to be used. The options are: User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public key infrastructure. Default: This policy is not defined. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!System cryptography: Force strong key protection for user keys stored on the computer (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography!ForceKeyProtection