Solved

FIPS on RDP (encryption on RDP)

Posted on 2011-09-12
4
1,064 Views
Last Modified: 2012-05-12
Hi Experts,
One of my customers requested to enable encryption on the RDP.  For this he would like to enable the group policy option: “Set client connection encryption level” from Not configured to FIPS. (See attached screenshot for more information).
My question is this: is this configuration affect only the RDP/TS connection or it should affect other areas of the server?
 If this server run IIS application should we encounter with any issue by enabling this setting?
I am trying to understand what is the risk of enabling this option other than “breaking” the RDP/TS?

Information.jpg
0
Comment
Question by:dpatel_team
  • 2
4 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 36521481
some info on effects of enabling FIPS

http://support.microsoft.com/kb/811833
0
 
LVL 18

Accepted Solution

by:
Netflo earned 500 total points
ID: 36528204
Hi,

In reply to your questions...

1. It will primarily affect the TS connection only,
2. As you've mentioned that have an IIS application, this should not affect it as long as it is accessed via port 80. If you have a HTTPS (port 443) connection then connectivity will be forced to use TLS 1.0, which shouldn't be a problem for most client operating systems, as it is already enabled. I would refer to the following link for further reading: http://support.microsoft.com/kb/811834

Just a heads up, why not manually enable the setting on your TS first and review connectivity and IIS application connectivity before launching system wide changes across multiple TS via GPO. This way if this causes a problem it can be easily corrected within a few clicks.

Hope this helps.
0
 

Author Comment

by:dpatel_team
ID: 36528714
Hi All,

After doing some testing it appears that it actually does affect the IIS application (for some reason).

Just warning to everyone who is going to enable this option and think that it will affect only the TS connection.

0
 
LVL 18

Expert Comment

by:Netflo
ID: 36528880
Cheers for the update, thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question