JSI Tip 8789. How can a script determine if policy 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is enabled on a computer?


To determine whether the 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' policy is enabled or disabled on a computer, use REG.EXE, which is built into Windows XP and later, or REG.EXE from the Windows 2000 Support Tools on the CD-ROM, to run the following scriptlet. It sets the FIPS environment variable to Y when the policy is enabled and leaves it at N otherwise:

:: Default setting of the FIPS environment variable is N, disabled.
set FIPS=N
:: Token 1 (%%a) is the value name and token 3 (%%b) is its data; token 2, the value type, is skipped.
for /f "Tokens=1,3" %%a in ('reg query HKLM\System\CurrentControlSet\Control\Lsa ^|FIND /I "fipsalgorithmpolicy"') do (
 if "%%b" EQU "0x1" set FIPS=Y
)
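
A three-state variant of the scriptlet, as an added example that is not part of the original tip: it queries only the one value with /v and reports when the value cannot be read instead of defaulting to N. The UNKNOWN state, the KEY and VAL helper variables, and the exit codes 0, 1 and 2 are conventions assumed for this example.

```batch
@echo off
:: Added example, not from the original tip.
:: FIPS is left set for the caller, as in the tip: Y, N or UNKNOWN.
:: KEY, VAL, UNKNOWN and the exit codes are conventions of this example.
set "KEY=HKLM\System\CurrentControlSet\Control\Lsa"
set "VAL=fipsalgorithmpolicy"
set "FIPS=UNKNOWN"

:: /v restricts the query to the single value. Errors from REG.EXE are
:: discarded, so an unreadable or missing value yields no lines and
:: FIPS stays UNKNOWN instead of silently reading as disabled.
for /f "tokens=1,3" %%a in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find /i "%VAL%"') do (
    rem Only accept the line whose first token is the value name itself.
    if /i "%%a"=="%VAL%" (
        if /i "%%b"=="0x1" set "FIPS=Y"
        if /i "%%b"=="0x0" set "FIPS=N"
    )
)

:: Exit codes let a calling compliance script branch on errorlevel.
if "%FIPS%"=="Y" (
    echo FIPS policy: enabled
    exit /b 0
)
if "%FIPS%"=="N" (
    echo FIPS policy: disabled
    exit /b 1
)
echo FIPS policy: no 0x0 or 0x1 data read for %VAL% under %KEY%
exit /b 2
```

A caller can treat exit code 2 as "could not be determined" and flag the machine for manual review rather than recording it as non-FIPS.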

NOTE: See How do I configure Windows Server 2003 Terminal Services for secure client communications?

NOTE: See Security configuration guidance support.
