How to Enable FIPS 140-2 Compliant Mode for Microsoft RDP & BitLocker

This document describes how to enable Microsoft Windows OS to operate in FIPS 140-2 Compliant Mode.

Important Notes
Microsoft's current guidance is that there is not a compelling reason for customers that are not subject to government regulations to enable FIPS mode. Please see Microsoft Guidance.
TruGrid SecureRDP does not make any change to the Microsoft RDP protocol and therefore supports production implementations of Microsoft RDP.
Since the Microsoft RDP protocol is native to the Windows OS, the process of enabling FIPS 140-2 for the RDP protocol also enables FIPS 140-2 for other built-in Windows functions that use cryptography, such as BitLocker and some .NET functions.
TruGrid recommends that you properly test your implementation of FIPS 140-2 before allowing for production use. If you enable FIPS 140-2 according to Microsoft’s guidance below and TruGrid SecureRDP does not properly function, please try to connect over native RDP before contacting TruGrid for assistance.


Enable FIPS 140-2 for Windows (including RDP and BitLocker)



Login to Microsoft Active Directory Domain Controller
A. For the environment that you wish to enable FIPS 140-2 for RDP, connect to a domain controller
B. Open Group Policy Management Console (GPMC.MSC)
C. Edit the DEFAULT DOMAIN POLICY. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options. Open System Cryptography: Use FIPS Compliant algorithms for encryption, hashing, and signing, and set the policy to Enabled.
D. Click the EXPLAIN tab and read the information provided by Microsoft.
E. Run GPUPDATE /FORCE on all RDP hosts on the domain, or wait for the policy to apply.


Enable FIPS 140-2 Compliant Mode

Validate your FIPS 140-2 configuration
A. Connect via native RDP between an external RDP client and an RDP host on your domain
B. Connect via TruGrid between an external RDP client and an RDP host on your domain
C. Enable for production use
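Before running the connection tests above, it is worth confirming that the policy has actually landed on every RDP host, since a host that has not yet refreshed Group Policy will still negotiate non-FIPS algorithms. The following PowerShell script is an added example, not part of the original article: it reads the registry value that the policy sets (the Enabled DWORD under the FipsAlgorithmPolicy key) on each host over PowerShell remoting. The host names are placeholders, and it assumes WinRM is enabled on the RDP hosts.

```powershell
# Added example (not from the original article): check that the
# "System cryptography: Use FIPS compliant algorithms..." policy has applied
# on each RDP host before the native RDP / TruGrid validation connections.
# The policy writes DWORD 'Enabled' = 1 under the FipsAlgorithmPolicy key.
# Assumes PowerShell remoting (WinRM) is enabled on the hosts.

$RdpHosts = @('RDPHOST01', 'RDPHOST02')   # placeholder names, replace with yours

function Test-FipsMode {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName
    )

    # Runs on the remote host and reports the effective FIPS policy value
    $checkBlock = {
        $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
        $value = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [PSCustomObject]@{
            ComputerName = $env:COMPUTERNAME
            FipsEnabled  = ($value -eq 1)
            RawValue     = if ($null -eq $value) { 'missing' } else { $value }
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            Invoke-Command -ComputerName $computer -ScriptBlock $checkBlock -ErrorAction Stop |
                Select-Object ComputerName, FipsEnabled, RawValue
        }
        catch {
            # Unreachable host or remoting disabled: report it, do not silently skip it
            [PSCustomObject]@{
                ComputerName = $computer
                FipsEnabled  = $false
                RawValue     = "error: $($_.Exception.Message)"
            }
        }
    }
}

$results = Test-FipsMode -ComputerName $RdpHosts
$results | Format-Table -AutoSize

# Hosts still reporting FipsEnabled = False need GPUPDATE /FORCE (step E above)
# before the connection tests say anything about the FIPS configuration.
$pending = $results | Where-Object { -not $_.FipsEnabled }
if ($pending) {
    Write-Warning ('FIPS mode not yet active on: ' + ($pending.ComputerName -join ', '))
}
```

Run it from a domain-joined admin workstation; a host listed as missing has never received the policy, while a 0 means the policy reached it but is set to Disabled.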

For additional details, please review the Microsoft document on FIPS 140-2 Validation. https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Updated on: 26/10/2022
