This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated. Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated. Default: Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption Counter Measure: Enable all available options for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients policy setting. Potential Impact: Client applications that are enforcing these settings will be unable to communicate with older servers that do not support them. This setting could impact Windows Clustering when applied to servers running Windows Server 2003, see How to apply more restrictive security settings on a Windows Server 2003-based cluster server at http://support.microsoft.com/en-us/kb/891597 and You receive an Error 0x8007042b error message when you add or join a node to a cluster if you use NTLM version 2 in Windows Server 2003 at http://support.microsoft.com/kb/890761/ for more information on possible issues and how to resolve them. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0!NTLMMinClientSec