Windows Registry Editor Version 5.00Hardening Kerberos.HMAC-SHA-1 used a

1. Windows Registry Editor Version 5.00
2.  
3. Hardening Kerberos.
4.  
5. HMAC-SHA-1 used as MAC is nowhere close to being broken (neither is HMAC-MD5). SHA-1 is only broken if you need collision resistance, such as the digital signatures used with certificates. RC4 is not recommended.
6.  
7. #Enable secure protocols only: AES128_HMAC_SHA1, AES256_HMAC_SHA1
8. #[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
9. #"SupportedEncryptionTypes"=dword:00000018
10.  
11. Enable AES128_HMAC_SHA1, and AES256_HMAC_SHA1, and Future encryption types
12. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
13. "SupportedEncryptionTypes"=dword:7ffffff8
14.  
15. #Enable RC4_HMAC_MD5 (not recommended) AES128_HMAC_SHA1, and AES256_HMAC_SHA1, and Future encryption types
16. #[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters]
17. #"SupportedEncryptionTypes"=dword:7ffffffc