How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

Article translations Article translations
Article ID: 245030 - View products that this article applies to.
For later versions of Windows
The registry keys and their content in Windows Server 2008, Windows 7, and Windows Server 2008 R2 look different from the registry keys in Windows Server 2003 and earlier versions. The registry location in Windows 7, Windows Server 2008, and Windows Server 20008 R2 and its default contents are as follows:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel]
"EventLogging"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\CipherSuites]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Hashes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\KeyExchangeAlgorithms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

This content is displayed in standard REGEDIT export format.

Notes
  • The Ciphers key should contain no values or subkeys.
  • The CipherSuites key should contain no values or subkeys.
  • The Hashes key should contain no values or subkeys.
  • The KeyExchangeAlgorithms key should contain no values or subkeys.
  • The Protocols key should contain the following subkeys and value:
    • Protocols
      • SSL 2.0
        • Client
          • DisabledByDefault REG_DWORD 0x00000001 (value)
Windows Server 2008 supports the following protocols:
  • SSL 2.0
  • SSL 3.0
  • TLS 1.0
Windows Server 2008 R2 and Windows 7 support the following protocols:
  • SSL 2.0
  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2
These protocols can be disabled for the server or client architecture. This means the protocol can be omitted or disabled as follows:
  • The protocol can be omitted from the list of supported protocols that are included in the Client Hello when an SSL connection is started.
  • The protocol can be disabled on the server so that the server will not respond by using that protocol even if a client requests SSL 2.0.
The client and server subkeys designate each protocol. You can disable a protocol for either the client or the server. However, disabling Ciphers, Hashes, or CipherSuites affects both client and server sides. You would have to create the necessary subkeys under the Protocols key to achieve this. For example:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
After the subkeys are created, the registry is displayed as follows:

Collapse this imageExpand this image
2880599


By default, Client SSL 2.0 is disabled in Windows Server 2008, Windows Server 2008 R2, and Windows 7. This means that the computer will not use SSL 2.0 to start a Client Hello. Therefore, the registry is displayed as follows:

Collapse this imageExpand this image
2880600
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
Exactly like Ciphers and KeyExchangeAlgorithms, Protocols can be enabled or disabled. To disable other protocols, select the side of the conversation for which you want to disable the protocol, and then add the "Enabled"=dword:00000000 value. The following example disables SSL 2.0 for the server and also SSL 2.0 for the client.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001 <Default client disabled>
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000 <Disables SSL 2.0 server-side>
After you do take this action, you have to restart the server.
Expand all | Collapse all

On This Page

Summary

This article describes how to restrict the use of certain cryptographic algorithms and protocols in the Schannel.dll file. This information also applies to independent software vendor (ISV) applications that are written for the Microsoft Cryptographic API (CAPI).

Note For registry keys that apply to Windows Server 2008 and later versions of Windows, see the "For later versions of Windows" section.

More information

The following cryptographic service providers (CSPs) that are included with Windows NT 4.0 Service Pack 6 were awarded the certificates for FIPS-140-1 crypto validation:
  • Microsoft Base Cryptographic Provider (Rsabase.dll)
  • Microsoft Enhanced Cryptographic Provider (Rsaenh.dll) (non-export version)
Microsoft TLS/SSL Security Provider, the Schannel.dll file, uses the CSPs that are listed here to conduct secure communications over SSL or TLS in its support for Internet Explorer and Internet Information Services (IIS).

You can change the Schannel.dll file to support Cipher Suite 1 and 2. However, the program must also support Cipher Suite 1 and 2. Cipher Suite 1 and 2 are not supported in IIS 4.0 and 5.0.

This article contains the necessary information to configure the TLS/SSL Security Provider for Windows NT 4.0 Service Pack 6 and later versions. You can use the Windows registry to control the use of specific SSL 3.0 or TLS 1.0 cipher suites with respect to the cryptographic algorithms that are supported by the Base Cryptographic Provider or the Enhanced Cryptographic Provider.

Note In Windows NT 4.0 Service Pack 6, the Schannel.dll file does not use the Microsoft Base DSS Cryptographic Provider (Dssbase.dll) or the Microsoft DS/Diffie-Hellman Enhanced Cryptographic Provider (Dssenh.dll).

Cipher suites

Both SSL 3.0 (http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt) and TLS 1.0 (RFC2246) with INTERNET-DRAFT "56-bit Export Cipher Suites For TLS draft-ietf-tls-56-bit-ciphersuites-00.txt" provide options to use different cipher suites. Each cipher suite determines the key exchange, authentication, encryption, and MAC algorithms that are used in an SSL/TLS session. Notice that when you use RSA as both key exchange and authentication algorithms, the term RSA appears only one time in the corresponding cipher suite definitions.

The Windows NT 4.0 Service Pack 6 Microsoft TLS/SSL Security Provider supports the following SSL 3.0-defined "CipherSuite" when you use the Base Cryptographic Provider or the Enhanced Cryptographic Provider:
Collapse this tableExpand this table
SSL_RSA_EXPORT_WITH_RC4_40_MD5{ 0x00,0x03 }
SSL_RSA_WITH_RC4_128_MD5{ 0x00,0x04 }
SSL_RSA_WITH_RC4_128_SHA{ 0x00,0x05 }
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5{ 0x00,0x06 }
SSL_RSA_WITH_DES_CBC_SHA{ 0x00,0x09 }
SSL_RSA_WITH_3DES_EDE_CBC_SHA{ 0x00,0x0A }
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA{ 0x00,0x62 }
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA{ 0x00,0x64 }
Note Neither SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA nor SSL_RSA_EXPORT1024_WITH_RC4_56_SHA is defined in SSL 3.0 text. However, several SSL 3.0 vendors support them. This includes Microsoft.

Windows NT 4.0 Service Pack 6 Microsoft TLS/SSL Security Provider also supports the following TLS 1.0-defined "CipherSuite" when you use the Base Cryptographic Provider or Enhanced Cryptographic Provider:

Collapse this tableExpand this table
TLS_RSA_EXPORT_WITH_RC4_40_MD5{ 0x00,0x03 }
TLS_RSA_WITH_RC4_128_MD5{ 0x00,0x04 }
TLS_RSA_WITH_RC4_128_SHA{ 0x00,0x05 }
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5{ 0x00,0x06 }
TLS_RSA_WITH_DES_CBC_SHA{ 0x00,0x09 }
TLS_RSA_WITH_3DES_EDE_CBC_SHA{ 0x00,0x0A }
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA{ 0x00,0x62 }
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA{ 0x00,0x64 }
Note A cipher suite that is defined by using the first byte "0x00" is non-private and is used for open interoperable communications. Therefore, the Windows NT 4.0 Service Pack 6 Microsoft TLS/SSL Security Provider follows the procedures for using these cipher suites as specified in SSL 3.0 and TLS 1.0 to make sure of interoperability.

Schannel-specific registry keys

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Note Any changes to the contents of the CIPHERS key or the HASHES key take effect immediately, without a system restart.

SCHANNEL key

Start Registry Editor (Regedt32.exe), and then locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

SCHANNEL\Protocols subkey

To enable the system to use the protocols that will not be negotiated by default (such as TLS 1.1 and TLS 1.2), change the DWORD value data of the DisabledByDefault value to 0x0 in the following registry keys under the Protocols key:
  • SCHANNEL\Protocols\TLS 1.1\Client
  • SCHANNEL\Protocols\TLS 1.1\Server
  • SCHANNEL\Protocols\TLS 1.2\Client
  • SCHANNEL\Protocols\TLS 1.2\Server
Warning The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential.

SCHANNEL\Ciphers subkey

The Ciphers registry key under the SCHANNEL key is used to control the use of symmetric algorithms such as DES and RC4. The following are valid registry keys under the Ciphers key.
SCHANNEL\Ciphers\RC4 128/128 subkey
RC4 128/128

This subkey refers to 128-bit RC4.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled. This registry key does not apply to an exportable server that does not have an SGC certificate.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_RC4_128_SHA
SCHANNEL\Ciphers\Triple DES 168/168 subkey
Triple DES 168

This registry key refers to 168-bit Triple DES as specified in ANSI X9.52 and Draft FIPS 46-3. This registry key does not apply to the export version.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD data to 0x0. If you do not configure the Enabled value, the default is enabled.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SCHANNEL\Ciphers\RC2 128/128 subkey
RC2 128/128

This registry key refers to 128-bit RC2. It does not apply to the export version.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

SCHANNEL\Ciphers\RC4 64/128 subkey
RC4 64/128

This registry key refers to 64-bit RC4. It does not apply to the export version (but is used in Microsoft Money).

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

SCHANNEL\Ciphers\RC4 56/128 subkey
RC4 56/128

This registry key refers to 56-bit RC4.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

Disabling this algorithm effectively disallows the following:
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
SCHANNEL\Ciphers\RC2 56/128 subkey
RC2 56/128

This registry key refers to 56-bit RC2.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

SCHANNEL\Ciphers\RC2 56/56 subkey

DES 56

This registry key refers to 56-bit DES as specified in FIPS 46-2. Its implementation in the Rsabase.dll and Rsaenh.dll files is validated under the FIPS 140-1 Cryptographic Module Validation Program.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
SCHANNEL\Ciphers\RC4 40/128 subkey

RC4 40/128

This refers to 40-bit RC4.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
SCHANNEL\Ciphers\RC2 40/128 subkey

RC2 40/128

This registry key refers to 40-bit RC2.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SCHANNEL\Ciphers\NULL subkey

NULL

This registry key means no encryption. By default, it is turned off.

To turn off encryption (disallow all cipher algorithms), change the DWORD value data of the Enabled value to 0xffffffff. Otherwise, change the DWORD value data to 0x0.

SCHANNEL/Hashes subkey

The Hashes registry key under the SCHANNEL key is used to control the use of hashing algorithms such as SHA-1 and MD5. The following are valid registry keys under the Hashes key.

SCHANNEL\Hashes\MD5 subkey

MD5

To allow this hashing algorithm, change the DWORD value data of the Enabled value to the default value 0xffffffff. Otherwise, change the DWORD value data to 0x0.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SCHANNEL\Hashes\SHA subkey

SHA

This registry key refers to Secure Hash Algorithm (SHA-1), as specified in FIPS 180-1. Its implementation in the Rsabase.dll and Rsaenh.dll files is validated under the FIPS 140-1 Cryptographic Module Validation Program.

To allow this hashing algorithm, change the DWORD value data of the Enabled value to the default value 0xffffffff. Otherwise, change the DWORD value data to 0x0.

Disabling this algorithm effectively disallows the following:
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

SCHANNEL/KeyExchangeAlgorithms subkey

The KeyExchangeAlgorithms registry key under the SCHANNEL key is used to control the use of key exchange algorithms such as RSA. The following are valid registry keys under the KeyExchangeAlgorithms key.

SCHANNEL\KeyExchangeAlgorithms\PKCS Subkey
PKCS

This registry key refers to the RSA as the key exchange and authentication algorithms.

To allow RSA, change the DWORD value data of the Enabled value to the default value 0xffffffff. Otherwise, change the DWORD data to 0x0.

Disabling RSA effectively disallows all RSA-based SSL and TLS cipher suites supported by the Windows NT4 SP6 Microsoft TLS/SSL Security Provider.

FIPS 140-1 cipher suites

You may want to use only those SSL 3.0 or TLS 1.0 cipher suites that correspond to FIPS 46-3 or FIPS 46-2 and FIPS 180-1 algorithms provided by the Microsoft Base or Enhanced Cryptographic Provider.

In this article, we refer to them as FIPS 140-1 cipher suites. Specifically, they are as follows:
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
To use only FIPS 140-1 cipher suites as defined here and supported by Windows NT 4.0 Service Pack 6 Microsoft TLS/SSL Security Provider with the Base Cryptographic Provider or the Enhanced Cryptographic Provider, configure the DWORD value data of the Enabled value in the following registry keys to 0x0:
  • SCHANNEL\Ciphers\RC4 128/128
  • SCHANNEL\Ciphers\RC2 128/128
  • SCHANNEL\Ciphers\RC4 64/128
  • SCHANNEL\Ciphers\RC4 56/128
  • SCHANNEL\Ciphers\RC2 56/128
  • SCHANNEL\Ciphers\RC4 40/128
  • SCHANNEL\Ciphers\RC2 40/128
  • SCHANNEL\Ciphers\NULL
  • SCHANNEL\Hashes\MD5
And configure the DWORD value data of the Enabled value in the following registry keys to 0xffffffff:
  • SCHANNEL\Ciphers\DES 56/56
  • SCHANNEL\Ciphers\Triple DES 168/168" [not applicable in export version]
  • SCHANNEL\Hashes\SHA
  • SCHANNEL\KeyExchangeAlgorithms\PKCS

Master secret computation by using FIPS 140-1 cipher suites

The procedures for using the FIPS 140-1 cipher suites in SSL 3.0 differ from the procedures for using the FIPS 140-1 cipher suites in TLS 1.0.

In SSL 3.0, the following is the definition master_secret computation:

In TLS 1.0, the following is the definition master_secret computation:

where:

Selecting the option to use only FIPS 140-1 cipher suites in TLS 1.0:

Because of this difference, customers may want to prohibit the use of SSL 3.0 even though the allowed set of cipher suites is limited to only the subset of FIPS 140-1 cipher suites. In that case, change the DWORD value data of the Enabled value to 0x0 in the following registry keys under the Protocols key:
  • SCHANNEL\Protocols\SSL 3.0\Client
  • SCHANNEL\Protocols\SSL 3.0\Server
Warning The Enabled value data in these registry keys under the Protocols key takes precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential. The default Enabled value data is 0xffffffff.

Example registry files

Two examples of registry file content for configuration are provided in this section of the article. They are Export.reg and Non-export.reg.

In a computer that is running Windows NT 4.0 Service Pack 6 with the exportable Rasbase.dll and Schannel.dll files, run Export.reg to make sure that only TLS 1.0 FIPS cipher suites are used by the computer.

In a computer that is running Windows NT 4.0 Service Pack 6 that includes the non-exportable Rasenh.dll and Schannel.dll files, run Non-export.reg to make sure that only TLS 1.0 FIPS cipher suites are used by the computer.

For the Schannel.dll file to recognize any changes under the SCHANNEL registry key, you must restart the computer.

To return the registry settings to default, delete the SCHANNEL registry key and everything under it. If these registry keys are not present, the Schannel.dll rebuilds the keys when you restart the computer.

Properties

Article ID: 245030 - Last Review: December 10, 2013 - Revision: 9.0
Applies to
  • Windows Server 2012 Standard
  • Windows Server 2012 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Datacenter
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Server 2008 Datacenter
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Keywords: 
kbenv kbinfo KB245030

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com