System cryptography: Force strong key protection for user keys stored on the computer

What is System cryptography: Force strong key protection for user keys stored on the computer setting?

This security policy instructs the user to provide a different password other than their domain password to access the security keys stored on a specific computer. It is recommended that you enable this policy because it will prevent unauthorized access of security keys even in the case of domain credential compromise.

There are three states for defining this policy:

• User input is not required when new keys are stored and used
• User is prompted when the key is first used
• User must enter a password each time they use a key

About ADAudit Plus:

ADAudit Plus is a real time change auditing software that helps keep your Active Directory, Azure AD, Windows file servers, NetApp filers, EMC file systems, Synology file systems, Windows member servers, and workstations secure and compliant. With ADAudit Plus, you can get visibility into:

• Authorized and unauthorized AD management changes
• User logons, logoffs, and account lockouts
• GPO changes
• Group attribute and membership changes
• OU changes
• Privileged access and permission changes
• Azure AD logons, and changes to roles, groups, and applications
• PowerShell scripts and modules

among other things.

There are more than 200 event-specific reports, and you can configure instant email alerts. You can also export the reports to XLS, HTML, PDF and CSV formats to assist in interpretation and forensics. For more information on ADAudit Plus, visit: https://www.manageengine.com/active-directory-audit/.