How enable/disable FIPS cryptography in WIndows - all version

source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7


In WIndows 8, open up a command prompt wondoe and kick off gpedit.msc and go from there...

First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.
The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833, but can be summarised as follows:

1. Using an account that has administrative credentials, log on to the computer.
2. Click Start, click Run, type gpedit.msc, and then press ENTER.
3. In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
4. Under the Security Settings node, double-click Local Policies, and then click Security Options.
5. In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
6. In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
7. Close the Local Group Policy Editor.

If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7