Learn how to detect and limit or disable RC4 usage in Kerberos to enhance security in Active Directory domain environments.

Jan 26, 2026 · We will be removing RC4 as one of the assumed encryption types. We have added new auditing to help detect RC4 usage that is currently permitted through unconfigured assumed …

Dec 3, 2025 · In the current security landscape, RC4 isn’t required to ensure secure Windows authentication. You can use stronger ciphers, like AES-SHA1, for authentication among all supported …

Jan 13, 2026 · To learn how to detect RC4 usage in your domain, audit will identify device and user accounts that still depend on RC4. Administrators should take steps to remediate usage in favor of …

Mar 8, 2024 · We have many customers asking questions about how to track down the usage of RC4 in their environment. Over the years, we’ve had tons of great articles that, when put together, provide a …

May 12, 2025 · Disable RC4 support for Kerberos on all domain controllers. This requires a minimum of a Windows Server 2008 domain functional level and an environment where all Kerberos clients, …

Feb 7, 2026 · To properly detect RC4 usage, you should enable Kerberos auditing on your domain controller. Recent updates to Windows Server 2022 extend these events with additional fields such …

Apr 15, 2024 · Disabling RC4 in the operating system of a device will prevent it from accepting a RC4 Kerberos ticket which is why you want to make sure the tickets consumed by a device are AES …

Nov 19, 2025 · To disable DES and RC4 encryption protocols and enable AES in your Active Directory environment, you can configure the encryption types allowed for Kerberos via Group Policy.

Jan 19, 2026 · They could still use RC4 for Kerberos ticket encryption and would then also fallback to RC4 session ticket encryption. As far as I believe the DefaultDomainSupportedEncTypes was …