Configure data encryption for a connection
Applies To: Windows Server 2008 R2, Windows Server 7
You can use this procedure to configure data encryption for a network connection.
Any user account can be used to complete this procedure.
To configure data encryption for a network connection
Right-click the network connection that you want to configure, and then click Properties. The connection Properties dialog box opens.
In the connection Properties dialog box, click the Security tab. Click Data encryption, and select one of the following settings:
No encryption allowed (server will disconnect if it requires encryption). With this setting, you are specifying that the local computer will not allow encrypted connections with the network access server. If the network access server, such as a dial-up or VPN server, allows unencrypted connections, the connection might be allowed. If the network access server is configured to require encryption, the network access server will deny the connection because the connecting computer is not configured to allow encrypted connections. This setting is not recommended because it does not enable the additional security that encryption provides.
Optional encryption (connect even if no encryption). With this setting, you are specifying that the local computer can connect to a network access server with or without data encryption for the connection. This setting is not recommended because it is possible to connect to a network access server that does not require encryption. In this circumstance, an unencrypted connection might be established, and the data that flows between your computer and the network access server is unprotected by data encryption.
Require encryption (disconnect if server declines). With this setting, you are specifying that the local computer requires data encryption. If the network access server is configured to provide encrypted connections, an encrypted connection might be established. If the network access server is configured to provide unencrypted connections only, and therefore declines to establish an encrypted connection, the local computer disconnects and no connection is established. This setting is recommended because it prevents the creation of unencrypted connections, allowing only connections that are protected by data encryption.
Maximum strength encryption (disconnect if server declines).With this setting, you are specifying that the local computer requires maximum strength encryption for all connections to network access servers. If the network access servers to which you connect do not support the strongest forms of encryption, the local computer disconnects and no connection is established.