How to Configure Authentication Methods

Log into the Windows 7 computer with the username and password of an account that has administrator permissions on the computer. Click the "Start" button on the Windows desktop, then click "Administrative Tools" and "Group Policy Management."

Click the "Windows Firewall Properties" link in the window that appears. Click the "IPSec Settings" tab and click "Customize." Click on the type of authentication method you wish to use on the computer. The "Default" setting uses the method defined by the local administrator account or group policy. "Computer (Using Kerberos V5)" configures the computer to authenticate with an Active Directory domain using the Kerberos V5 protocol. "User (Using Kerberos V5)" configures the computer to require computer authentication using the Active Directory domain credentials of the user that is currently logged on. "Computer Certificate from This Certification Authority" configures the computer to authenticate using a security certificate obtained from a certification authority, or CA, that you select. If you do not wish to use any of these authentication methods, proceed to the next step.

Click "Advanced" and click "Customize" to select a first authentication method and a second authentication method. Click "Computer (Kerberos V5)" to use computer domain credentials. Click "Computer (NTLMv2)" to use computer domain credentials with the NTLMv2 hash algorithm. Click "Computer Certificate from This Certification Authority (CA)" to specify a CA and certificate for authentication. Click "Preshared Key (Not Recommended)" to use a secret password for authentication.

Click "First Authentication Is Optional" to add a second authentication method. If the first authentication attempt fails, the computer can still connect if the second authentication method works. Select "User (Kerberos V5)" for the second method to configure the computer to use the domain credentials of the current logged-on user for domain authentication. Click "User (NTLMv2)" to use the current logged-on user domain credentials with the NTLMv2 hash algorithm for authentication. Click "User Health Certificate from This Certification Authority (CA)" to configure user-based authentication when a security certificate and CA are specified. Click "Computer Health Certificate from This Certification Authority (CA)" to use computer-based authentication using a specified certificate and CA.

Click "Second Authentication Is Optional" if you wish for the connection to succeed even if the second authentication method fails. Click "OK" on each window to close.