Solved

FIPS on RDP (encryption on RDP)

Posted on 2011-09-12
4
1,069 Views
Last Modified: 2012-05-12
Hi Experts,
One of my customers requested to enable encryption on the RDP.  For this he would like to enable the group policy option: “Set client connection encryption level” from Not configured to FIPS. (See attached screenshot for more information).
My question is this: is this configuration affect only the RDP/TS connection or it should affect other areas of the server?
 If this server run IIS application should we encounter with any issue by enabling this setting?
I am trying to understand what is the risk of enabling this option other than “breaking” the RDP/TS?

Information.jpg
0
Comment
Question by:dpatel_team
  • 2
4 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 36521481
some info on effects of enabling FIPS

http://support.microsoft.com/kb/811833
0
 
LVL 18

Accepted Solution

by:
Netflo earned 500 total points
ID: 36528204
Hi,

In reply to your questions...

1. It will primarily affect the TS connection only,
2. As you've mentioned that have an IIS application, this should not affect it as long as it is accessed via port 80. If you have a HTTPS (port 443) connection then connectivity will be forced to use TLS 1.0, which shouldn't be a problem for most client operating systems, as it is already enabled. I would refer to the following link for further reading: http://support.microsoft.com/kb/811834

Just a heads up, why not manually enable the setting on your TS first and review connectivity and IIS application connectivity before launching system wide changes across multiple TS via GPO. This way if this causes a problem it can be easily corrected within a few clicks.

Hope this helps.
0
 

Author Comment

by:dpatel_team
ID: 36528714
Hi All,

After doing some testing it appears that it actually does affect the IIS application (for some reason).

Just warning to everyone who is going to enable this option and think that it will affect only the TS connection.

0
 
LVL 18

Expert Comment

by:Netflo
ID: 36528880
Cheers for the update, thanks.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question