question

NemalikondaPChari-4767 avatar image
1 Vote"
NemalikondaPChari-4767 asked ElevenYu-MSFT commented

Terminal Services Encryption Level is not FIPS-140 Compliant

Terminal Services Encryption Level is not FIPS-140 Compliant

Please suggest me fix for this vulnerability

windows-server-2012
· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ElevenYu-MSFT avatar image ElevenYu-MSFT ·

Hi,

Have you checked if the answer helps?

If the Answer is helpful, please click "Accept Answer" and upvote it.

Thanks,
ELeven

0 Votes 0 ·
ElevenYu-MSFT avatar image ElevenYu-MSFT ·

Hi,

May I know if you have further questions?

If no, could you please click "Accept Answer" and upvote it, if the answer is helpful?

Thanks,
Eleven


0 Votes 0 ·

1 Answer

ElevenYu-MSFT avatar image
0 Votes"
ElevenYu-MSFT answered

Hi,

You can use group policy or registry key on the terminal server to set the Encryption Level.

Group Policy:

Computer Configuration\Windows Settings\Security Settings\Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services]
“MinEncryptionLevel” REG_DWORD set the value to 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp]
“MinEncryptionLevel” REG_DWORD set the value to 4

For your reference
https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Thanks,
Eleven

If the Answer is helpful, please click "Accept Answer" and upvote it.




5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.