In enterprise environments, learning how to change the encryption level for file sharing is essential. Employees may be required to share various confidential files, and encryption is a basic security measure that can help prevent data breaches. You may also need to do this for legacy devices and hardware to ensure compliance with your organization’s security policies.
5 ways to change the encryption level for file sharing connections
Individual users can use Settings or the Control Panel to change the encryption level. For managed environments, administrators can make Registry edits using the Registry Editor, Windows PowerShell, or by creating a .reg file.
📌 Prerequisites:
- This guide applies to all versions of Windows 11.
- You will need administrator privileges to change the encryption level for file sharing connections. To check if you have the necessary permissions, open the Start Menu → Settings → Accounts. The word “Administrator” should be printed under your username.
📌 Recommended deployment strategies:
| Click to Choose a Method | 💻 Best for Individual Users | 💻💻💻 Best for Enterprises |
| Method 1: Configure via Settings (GUI) | ✓ | |
| Method 2: Configure via Control Panel (GUI) | ✓ | |
| Method 3: Configure via Registry Editor | ✓ | ✓ |
| Method 4: PowerShell script for automation | ✓ | |
| Method 5: Create a .reg file | ✓ |
Method 1: Configure via Settings (GUI)
📌 Use Case: This method is ideal for individual users.
- Open the Start Menu → Settings.
- Select Network & internet → Advanced network settings.
- Scroll down to More settings, and click Advanced sharing settings.
- Select the All networks dropdown.
- Click the dropdown menu for File sharing connections and select your preferred type of encryption settings. 128-bit encryption is the recommended encryption for most scenarios.
Method 2: Configure via Control Panel (GUI)
📌 Use Case: This method is recommended for individual users.
- Open the Start Menu and search for Control Panel to open the program.
- Select Network and Sharing Center.
- In the left sidebar, select Change advanced sharing settings. This will open a new window.
- Select the All networks dropdown.
- Click the dropdown menu for File sharing connections and select your preferred type of encryption settings. 128-bit encryption is the recommended encryption for most scenarios.
Method 3: Configure via Registry Editor
📌 Use Cases: This method is recommended for power users or managed devices.
- Open the Start Menu and search for Registry Editor to open the program.
- Navigate to this address: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Select NtlmMinClientSec.
- Change the value to 20000000 for 128-bit encryption.
- Change the value to 00000000 for 40 or 56-bit encryption.
- Click OK.
- Select NtlmMinServerSec.
- Change the value to 20000000 for 128-bit encryption.
- Change the value to 00000000 for 40 or 56-bit encryption.
- Click OK.
- Restart the computer to apply the changes.
Method 4: PowerShell script for automation
📌 Use Cases: This method is recommended for enterprise environments. You can deploy a script and make the registry changes to all your managed devices quickly and efficiently.
- Open the Start Menu and search for Windows PowerShell. Right-click and select Run as administrator.
- To change to 128-bit encryption, use this command and press Enter:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinClientSec" -Value 20000000
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinServerSec" -Value 20000000
To change to 40 or 56-bit encryption, use this command and press Enter:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinClientSec" -Value 00000000
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinServerSec" -Value 00000000
- You can now close Windows PowerShell. Restart your computer to apply the changes.
Method 5: Create a .reg file
📌 Use Cases: This method is recommended for enterprise environments and can be combined with other Registry edits you have to make.
- Open the Start Menu and search for Notepad to open the program.
- To change to 128-bit encryption, type this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:20000000
"NtlmMinServerSec"=dword:20000000
To change to 40 or 56-bit encryption, type this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00000000
"NtlmMinServerSec"=dword:00000000
- Click File → Save as.
- Select the Save as type dropdown, then click All files.
- Name it Encryption_level.reg.
- Click Save. You can now close Notepad.
- Go to where you saved the .reg file and double-click it to run the file.
- Restart your computer to apply the changes.
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| 40 or 56-bit encryption is less secure than 128-bit encryption. | 40 or 56-bit encryption may be more vulnerable to modern code-breaking techniques and pose a security risk. | Use 128-bit encryption in your enterprise environment. If your hardware cannot support that, use other security tools. |
| A user might make incorrect edits to the Windows Registry. | Incorrect edits to the Windows Registry may lead to incorrect settings and system instability. | Create a backup of the Windows Registry before making changes. You can use that to restore the Registry to its previous state if something goes wrong. |
Additional Considerations before changing the encryption level for file sharing
- 128-bit is stronger than 40 or 56-bit encryption. It is the recommended encryption level for enterprise environments.
- Some devices don’t support 128-bit encryption. In that case, use 40 or 56-bit encryption instead.
- You can deploy Registry edits using a remote PowerShell tool or an endpoint management tool.
What is encrypted file sharing?
File encryption takes a file and converts it into an unreadable format using a cipher and cryptographic algorithms. To access the information in the file again, you will need a decryption access key to unlock the data.
Windows 11 has native features that can encrypt data when sharing it through your organization’s network. It offers both 128-bit encryption and 40 or 56-bit encryption, though it’s important to keep in mind that 40-bit or 56-bit encryption is a legacy option that may not provide the needed security against modern data-breaching methods.
Why manage file sharing encryption settings?
File encryption can enforce higher security standards in your organization by improving data confidentiality on LAN and cross-site connections. It will help you better align with your company’s data protection practices and minimize the risk of a data breach.
Improve organization security by managing file encryption levels
Encrypting files as you share them through your organization’s network is an essential security tool. It protects your company from data breaches and ensures your managed devices comply with current security best practices.
There are several ways to change the encryption level for file sharing connections in Windows 11. Individual users can do it through Settings or the Control Panel. Registry edits, on the other hand, can be made for power users or managed environments. You can do this through the Registry Editor, Windows PowerShell, or by creating a .reg file.
Related topics:
- How to Turn On or Off Device Encryption in Windows 11
- How to Enable or Disable NTFS File Encryption in Windows
- How to Import Your EFS File Encryption Certificate and Key in Windows 10
- What Is File Encryption?
- How to Share Files and Folders Over a Network in Windows
Quick-Start Guide
Here’s how you can address the Event Log size for Kernel-EventTracing:
1. NinjaOne provides a script in their script library called “Set Event Log Max Size” that can help you change the maximum size of event logs.
2. For Kernel-EventTracing specifically:
– Open Event Viewer
– Navigate to Applications and Services Logs > Microsoft > Windows > Kernel-EventTracing
– Right-click on the log and select Properties
– Adjust the maximum log size as needed
3. You can also use the Windows command-line tool wevtutil to modify log sizes programmatically.
To use the NinjaOne script:
1. Go to Scripting in the NinjaOne dashboard
2. Search for “Set Event Log Max Size”
3. Create a script to target the Kernel-EventTracing log and increase its size
Alternatively, if you want to use a PowerShell approach, you could use a script like this:
powershell
wevtutil sl “Microsoft-Windows-Kernel-EventTracing/Admin” /ms:256000000
This command sets the maximum size to 256 MB for the Kernel-EventTracing/Admin log.
