Wednesday, July 15, 2015

How to enable FIPS compliance setting without Local Security Policy on Windows 10 Home?


I'm having a problem running some software where a feature doesn't work because the cryptographic algorithm being used isn't FIPS validated. Here's an excerpt of the error indicating that:



'X' threw an exception. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
at ...



Someone recommended I enable FIPS to get around this problem, by going to the Local Security Policy Editor and enabling "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".


After some searching, I'm finding that Windows 10 Home has no Local Security Policy Editor.
(I've tried digging into /system32/, running secpol.msc, digging through Control Panel, but there is no Local or Group Security Policy Editor. On Reddit someone noted that Windows 10 Home will not have those Policy Editors.)


Is there a way to enable that FIPS compliance setting without having the Local Policy Editor? I am the administrator on the machine in question.


Answer



You can apply this group policy manually if you want.



If you wish to do this manually, you can also simply change the
registry key
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
to 1



Source Alex's answer to How to enable FIPS on windows 7


You can also follow the answer to the question, Windows Starter Edition, Home and Home Premium do not include gpedit, how do I install it?, in order to get gpedit.msc to work on Windows 10.




  1. First download the setup file using following link:


    Download Group Policy Editor Installer


    You'll find the download link in right-side section of the above
    mentioned page.


  2. After downloading the ZIP file, extract it using WinRAR or 7-Zip.


  3. Run the extracted setup.exe file.


    It will install the files and you'll be able to access gpedit.msc
    command via RUN or Start Menu search box.




Source: DavidPostill's answer to Windows Starter Edition, Home and Home Premium do not include gpedit, how do I install it?


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...