This controls whether the server offers or even demands the use of the netlogon schannel. server schannel = no does not offer the schannel, server schannel = auto offers the schannel but does not enforce it, and server schannel = yes denies access if the client is not able to speak netlogon schannel. This is only the case for Windows NT4 before SP4. Please note that with this set to no you will have to apply the WindowsXP requireSignOrSeal-Registry patch found in the docs/Registry subdirectory. Default: server schannel = auto Example: server schannel = yes