Windows Active Directory question

[Galaril]

For the following AD security configuration:

"Prevent the transfer of Passwords in Clear Text - Disabled."

What is the risk of enabling this setting on the Active Directory top layer? I would think that it should be enabled and that it would not affect to much.

[hoopsguy]

Is this the reversible encryption setting? If so, this is the text from the MS documentation on when to enable this setting:

Store passwords using reversible encryption provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.

•	This policy is required when using Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS).

Source: http://www.microsoft.com/technet/pro...p/strngpw.mspx