The Network Security: Configure encryption types allowed for Kerberos setting should be configured correctly. Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for Kerberos, preventing the use of the DES encryption suites. This policy is supported on at least Windows 7 or Windows Server 2008 R2. When this policy setting is not defined, all Crypto systems except DES will be available for encryption. Users can define this policy setting to enable/disable each individual Crypto system, including DES. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Configure encryption types allowed for Kerberos (2) KEY: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes