Forum Discussion
Kerberos and the End of RC4: Protocol Hardening and Preparing for CVE‑2026‑20833
So if we have msDS-SupportedEncryptionTypes attribute set to use RC4 on service accounts, computer accounts, and Domain Controllers it will be no impact even on July 2026?
- jdomke1Apr 13, 2026Copper Contributor
That's the exact opposite of what I just read. RC4 is gone come July 2026 unless you decide not to patch your DCs.
- Elanor92Apr 21, 2026
Microsoft
Actually no. Theoretically you can set the msDS-SupportedEncryptionTypes to allow RC4 on all the account and have no issue on July, but why leave such a huge vulnerability open?
I'll advice on analyzing the logs and set the attribute msDS-SupportedEncryptionTypes to allow RC4 only temporarily and when really necessary.- jigarpanchal05Jun 26, 2026Copper Contributor
Hi, We are managing a huge account where we want to keep RC4 enabled by setting msds-SET attribute. In many clients the attribute is already set to 0x1F and still reported in event id 201 for advertising only RC4. I just want to understand if this is a normal scenario and do I need to change the attribute from 0x1F to 4 (RC4 only)