Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to enable FIPS on windows 7

Tags:

windows

windows-7

fips

Have to test a c# application from client that is to work on a machine that has FIPS enbaled

like image 391
qazwsx Avatar asked Feb 03 '11 12:02

qazwsx

People also ask

How do I turn FIPS mode on Windows?

To use the group policy setting, open the Group Policy Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.

How do I turn off FIPS in Windows 7?

In Security Settings, expand Local Policies, and then click Security Options. Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Disabled.

How do I know if FIPS is enabled Windows?

Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\”. Look at the “Enabled” value in the right pane. If it's set to “0”, FIPS mode is disabled. If it's set to “1”, FIPS mode is enabled.

2 Answers

First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.

The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833, but can be summarised as follows:

  1. Using an account that has administrative credentials, log on to the computer.
  2. Click Start, click Run, type gpedit.msc, and then press ENTER.
  3. In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
  4. Under the Security Settings node, double-click Local Policies, and then click Security Options.
  5. In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
  6. In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
  7. Close the Local Group Policy Editor.

If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1

Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

like image 179
Alex Avatar answered Sep 20 '22 23:09

Alex

As an alternative, for Windows 7 users (with admin rights), this is one of the "Network Properties". Step by step:

  1. click on the "Network" icon on task bar.
  2. right click > Properties on the specific Network connection
  3. switch to the "Security" tab.
  4. click on "Advanced Settings" button.
  5. click the checkbox labeled "Enable Federal Information Processing Standards (FIPS) compliance for this network.

Also, have in mind:

  • Recommended reading: http://technet.microsoft.com/en-us/magazine/ff847520.aspx
  • This setting sepends on what you have selected as "Security Type" on the Security Tab
  • Your wireless network adapter card might be doing this encryption in hardware already. This checkbox will switch from that to rather performing AES encryption in software.
like image 36
Marcelo Finki Avatar answered Sep 17 '22 23:09

Marcelo Finki
Sign in to Comment

Related questions

Reading line by line from blob Storage in Windows Azure
How do I create batch file to rename large number of files in a folder?
renaming files in cmd using wildcards
How to install GNU gettext on windows 7?
Windows 10 - How do I test touch events without a touchscreen?
django-admin.py startproject opens notepad, instead of creating a project
Get the output of a shell Command in VB.net
PHP on Windows with XAMPP running 100 times too slow
Windows Registry best practices
How to use svn+ssh with Tortoise SVN from the command line
NET START <SERVICE> - how/where to get the service name?
php : The term 'php' is not recognized as the name of a cmdlet, function, script file, or operable program
How to stop nginx for windows?
How to override Windows' convert command by ImageMagick's one?
Play video file with VLC, then quit VLC
Windows Defender - Add exclusion folder programmatically
How do I find the install directory of a Windows Service, using C#?
Running another program in Windows bat file and not create child process
Why don't scripting languages output Unicode to the Windows console?
Win bat file: How to add leading zeros to a variable in a for loop? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!