How to Enable FIPS-2 Compliant Mode for RDP

This document describes how to enable Microsoft RDP to operate in FIPS-2 (FIPS 140-2) Compliant Mode.

Important Notes
Microsoft's current guidance is that there is not a compelling reason for customers that are not subject to government regulations to enable FIPS mode. Please see Microsoft Guidance.
TruGrid SecureRDP does not make any change to the Microsoft RDP protocol and therefore supports production implementations of Microsoft RDP.
Since the Microsoft RDP protocol is native to the Windows OS, the process of enabling FIPS-2 for the RDP protocol also enables FIPS-2 for other built-in Windows functions that use cryptography, such as BitLocker and some .NET functions.
TruGrid recommends that you properly test your implementation of FIPS-2 before allowing production use. If you enable FIPS-2 according to Microsoft’s guidance below and TruGrid SecureRDP does not function properly, please try to connect over native RDP before contacting TruGrid for assistance.

Enable FIPS-2 for Windows (and RDP)

Log in to a Microsoft Active Directory Domain Controller
A. Connect to a domain controller in the environment where you wish to enable FIPS-2 for RDP
B. Open Group Policy Management Console (GPMC.MSC)
C. Edit the DEFAULT DOMAIN POLICY. As shown below, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options. Open System Cryptography: Use FIPS Compliant algorithms for encryption, hashing, and signing. Enable the policy.
D. Click the EXPLAIN tab and read the information provided by Microsoft
E. Run GPUPDATE /FORCE on all RDP hosts on the domain or wait for the policy to apply

Enable FIPS-2 Compliant Mode

Validate your FIPS-2 configuration
A. Connect via native RDP between an external RDP client and an RDP host on your domain
B. Connect via TruGrid between an external RDP client and an RDP host on your domain
C. Enable for production use
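
Before running the connection tests in steps A and B, it helps to confirm that the policy has actually applied on every RDP host. The PowerShell below is an added example, not part of the TruGrid or Microsoft procedure; it assumes PowerShell remoting is enabled on the hosts, and the names in $RdpHosts are constructed placeholders.

```powershell
# Added example: report whether the FIPS policy has reached each RDP host.
# $RdpHosts is a constructed placeholder list; replace it with your own host names.
$RdpHosts = @('RDPHOST01', 'RDPHOST02')

$check = {
    # Registry value set by the "System cryptography: Use FIPS compliant
    # algorithms for encryption, hashing, and signing" security option
    # (1 = enabled; 0 or absent = not enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $val = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue

    [pscustomobject]@{
        FipsPolicyEnabled = ($null -ne $val -and $val.Enabled -eq 1)
        # What .NET sees in this remote session; .NET functions follow the same policy.
        DotNetFipsOnly    = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

$results = foreach ($name in $RdpHosts) {
    try {
        $r = Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop
        [pscustomobject]@{
            Host              = $name
            Reachable         = $true
            FipsPolicyEnabled = $r.FipsPolicyEnabled
            DotNetFipsOnly    = $r.DotNetFipsOnly
        }
    } catch {
        # Host offline or remoting unavailable: record it rather than abort the run.
        [pscustomobject]@{
            Host              = $name
            Reachable         = $false
            FipsPolicyEnabled = $null
            DotNetFipsOnly    = $null
        }
    }
}

$results | Format-Table -AutoSize

# Hosts that still need GPUPDATE /FORCE (or could not be checked).
$pending = $results | Where-Object { -not $_.Reachable -or -not $_.FipsPolicyEnabled }
if ($pending) {
    Write-Warning ("FIPS policy not confirmed on: " + ($pending.Host -join ', '))
}
```

Hosts listed in the warning have either not refreshed Group Policy yet or could not be reached; rerun after GPUPDATE /FORCE on those hosts.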

For additional details, please review the Microsoft document on FIPS 140-2 Validation. https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation