?
Solved

FIPS on RDP (encryption on RDP)

Posted on 2011-09-12
4
Medium Priority
?
1,083 Views
Last Modified: 2012-05-12
Hi Experts,
One of my customers requested to enable encryption on the RDP.  For this he would like to enable the group policy option: “Set client connection encryption level” from Not configured to FIPS. (See attached screenshot for more information).
My question is this: is this configuration affect only the RDP/TS connection or it should affect other areas of the server?
 If this server run IIS application should we encounter with any issue by enabling this setting?
I am trying to understand what is the risk of enabling this option other than “breaking” the RDP/TS?

Information.jpg
0
Comment
Question by:dpatel_team
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Steve
ID: 36521481
some info on effects of enabling FIPS

http://support.microsoft.com/kb/811833
0
 
LVL 18

Accepted Solution

by:
Netflo earned 2000 total points
ID: 36528204
Hi,

In reply to your questions...

1. It will primarily affect the TS connection only,
2. As you've mentioned that have an IIS application, this should not affect it as long as it is accessed via port 80. If you have a HTTPS (port 443) connection then connectivity will be forced to use TLS 1.0, which shouldn't be a problem for most client operating systems, as it is already enabled. I would refer to the following link for further reading: http://support.microsoft.com/kb/811834

Just a heads up, why not manually enable the setting on your TS first and review connectivity and IIS application connectivity before launching system wide changes across multiple TS via GPO. This way if this causes a problem it can be easily corrected within a few clicks.

Hope this helps.
0
 

Author Comment

by:dpatel_team
ID: 36528714
Hi All,

After doing some testing it appears that it actually does affect the IIS application (for some reason).

Just warning to everyone who is going to enable this option and think that it will affect only the TS connection.

0
 
LVL 18

Expert Comment

by:Netflo
ID: 36528880
Cheers for the update, thanks.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question