Specify a Hash Algorithm
Applies To: Windows Server 2008, Windows Server 2012
Specifying a hash algorithm
Using the Windows interface
Using a command line
To specify a hash algorithm by using the Windows interface
To open the NAP client configuration console, click Start, click All Programs, click Accessories, click Run, type NAPCLCFG.MSC, and click OK.
In the console tree, open Health Registration Settings, and click Request Policy.
Right-click Hash algorithms, and then click Properties.
In the Hash algorithms Properties dialog box, click Specific, and then click the hash algorithm you want to use.
Additional considerations
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
If you configure request policy settings on your client computers, you must configure identical request policy settings on your HRA servers. If your HRA servers are not configured to use exactly the same asymmetric key algorithm, hash algorithm, and cryptographic service provider as your client computers, then your HRA servers will not be able to communicate with your client computers. Your client computers could be deemed unhealthy and could have limited network connectivity.
To specify a hash algorithm by using a command line
To open a command prompt, click Start, click All Programs, click Accessories, and click Command Prompt.
Type the following to obtain a list of the hash algorithms that are supported on the client computer: netsh nap client show hashes
Type: netsh nap client set hash oid = <oid>
The following table provides a guideline for the placeholder text in the Netsh command.
Placeholder | Possible Values | Description |
---|---|---|
<oid> |
The object identifier (OID) of any supported hash algorithm. |
The object identifier of the hash algorithm you want to use to encrypt communication between a client computer and an HRA server. The default is 1.3.14.3.2.29 (sha1RSA). |
Additional considerations
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
If you configure request policy settings on your client computers, you must configure identical request policy settings on your HRA servers. If your HRA servers are not configured to use exactly the same asymmetric key algorithm, hash algorithm, and cryptographic service provider as your client computers, then your HRA servers will not be able to communicate with your client computers. Your client computers could be deemed unhealthy and could have limited network connectivity.
Additional references
Configure NAP Client Request Policy