You can use the NAP Client Configuration console to specify the security mechanisms a client computer uses to communicate with Health Registration Authority (HRA) servers. These settings, known as request policy settings, determine which hash algorithm and cryptographic service provider (CSP) a client computer uses to encrypt communication with HRA servers. You can only specify one hash algorithm and CSP on a client computer. When specified, the client computer will use only that security mechanism to communicate with HRA servers.
You do not need to configure request policy settings on your client computers. By default, a NAP-capable client computer initiates a negotiation process with an HRA server using a mutually acceptable default security mechanism for encrypting communication. It is recommended that you use the default request policy settings.
Important | |
You should not modify request policy settings unless you have thoroughly tested your request policy settings in a secure test environment. Altering request policy settings can cause your client computers to lose network connectivity. |
If you configure request policy settings on your client computers, you must configure identical request policy settings on your HRA servers. If your HRA servers are not configured to use exactly the same hash algorithm and CSP as your client computers, then your HRA servers will not be able to communicate with client computers and client computers might be deemed unhealthy, resulting in limited network connectivity.
Specify a Cryptographic Service Provider