From 0d091db499402eb9abbd07cbc295f161a67d8587 Mon Sep 17 00:00:00 2001
From: hanzzzzz <hanzzzzz@users.noreply.github.com>
Date: Wed, 3 Sep 2025 16:46:07 +0200
Subject: [PATCH] Fix values of KeyProtection key

Fix the allowed values of the KeyProtection key in certificate request .inf files.
---
 WindowsServerDocs/administration/windows-commands/certreq_1.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/WindowsServerDocs/administration/windows-commands/certreq_1.md b/WindowsServerDocs/administration/windows-commands/certreq_1.md
index f848442f90..876266060b 100644
--- a/WindowsServerDocs/administration/windows-commands/certreq_1.md
+++ b/WindowsServerDocs/administration/windows-commands/certreq_1.md
@@ -121,7 +121,7 @@ This area of the INF file is mandatory for any new certificate request templates
 | Silent | By default, this option allows the CSP access to the interactive user desktop and request information such as a smart card PIN from the user. If this key is set to TRUE, the CSP must not interact with the desktop and will be blocked from displaying any user interface to the user. | `true | false` | `Silent = true` |
 | SMIME | If this parameter is set to TRUE, an extension with the object identifier value 1.2.840.113549.1.9.15 is added to the request. The number of object identifiers depends on the operating system version installed and CSP capability, which refers to symmetric encryption algorithms that may be used by Secure Multipurpose Internet Mail Extensions (S/MIME) applications such as Outlook. | `true | false` | `SMIME = true` |
 | UseExistingKeySet | This parameter is used to specify that an existing key pair should be used in building a certificate request. If this key is set to TRUE, you must also specify a value for the RenewalCert key or the KeyContainer name. You must not set the Exportable key because you can't change the properties of an existing key. In this case, no key material is generated when the certificate request is built. | `true | false` | `UseExistingKeySet = true` |
-| KeyProtection | Specifies a value that indicates how a private key is protected before use. | <ul><li>`XCN_NCRYPT_UI_NO_PROTCTION_FLAG -- 0`</li><li>`XCN_NCRYPT_UI_PROTECT_KEY_FLAG -- 1`</li><li>`XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG -- 2`</li></ul> | `KeyProtection = NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG` |
+| KeyProtection | Specifies a value that indicates how a private key is protected before use. | <ul><li>`NCRYPT_UI_NO_PROTECTION_FLAG -- 0`</li><li>`NCRYPT_UI_PROTECT_KEY_FLAG -- 1`</li><li>`NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG -- 2`</li></ul> | `KeyProtection = NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG` |
 | SuppressDefaults | Specifies a Boolean value that indicates whether the default extensions and attributes are included in the request. The defaults are represented by their object identifiers (OIDs). | `true | false` | `SuppressDefaults = true` |
 | FriendlyName | A friendly name for the new certificate. | Text | `FriendlyName = Server1` |
 | ValidityPeriodUnits | Specifies many units that are to be used with ValidityPeriod. Note: This is used only when the `request type=cert`. | Numeric | `ValidityPeriodUnits = 3` |