This option controls whether the netlogon server (currently
only in 'active directory domain controller' mode), will
reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.
You can set this to yes if all domain members support aes.
This will prevent downgrade attacks.
This option takes precedence to the 'allow nt4 crypto' option.
no