question

AnsarSalim-0034 avatar image
0 Votes"
AnsarSalim-0034 asked JennyYan-MSFT answered

How to changeTerminal Services Encryption Level to FIPS-140 Compliant

I need to fix Vulnerability 'Terminal Services Encryption Level is not FIPS-140 Compliant' on my Windows servers. What is the way to do that? any issues will happen is I change RDP to FIPS compliant.?

remote-desktop-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OnerZiyaBas-5108 avatar image
0 Votes"
OnerZiyaBas-5108 answered

Hi,

You can use group policy or registry key on the terminal server to set the Encryption Level.

Group Policy:

Computer Configuration\Windows Settings\Security Settings\Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services]
“MinEncryptionLevel” REG_DWORD set the value to 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp]
“MinEncryptionLevel” REG_DWORD set the value to 4

For your reference
https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Thanks,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JennyYan-MSFT avatar image
0 Votes"
JennyYan-MSFT answered

Hi,
1.May I know if there is any errors or problems that force you to change the Encryption of RDP?

2.Per the blog below, it mentioned that by default, Remote Desktop connections are encrypted at the highest level of security available (128-bit).
Tip: Secure RDS (Remote Desktop Services) Connections with SSL
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/ff458357(v=msdn.10)?redirectedfrom=MSDN


Hope this helps and please help to accept as Answer if the response is useful.

Thanks,
Jenny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.