Secure key exchange is enabled by default for fresh installations of Microsoft System Center Configuration Manager 2007. If you upgrade a site, the current setting is maintained but you should enable secure key exchange to help prevent attackers from tampering with the key exchange.

If the Require secure key exchange between sites check box is enabled and the site is not publishing site data to Active Directory Domain Services, you must use the hierarchy maintenance tool (Preinst.exe) to manually copy the child site's public key to the parent site.

To require secure key exchange between sites

  1. In the Configuration Manager console navigate to System Center Configuration Manager / Site Database / Site Management / <site code> - <site name>.

  2. Right-click <site code> - <site name>, and then click Properties.

  3. In the Site Properties dialog box, click the Advanced tab, and then select Require secure key exchange between sites.

  4. Click OK.

See Also