Computer without a Domain

  1. Open the Control Panel window.
  2. Click “View network status and tasks” under Network and Internet.
  3. Click “Change adapter settings.”
  4. Right-click the network you want to enable FIPS for and select “Status.”
  5. Click the “Wireless Properties” button in the Wi-Fi Status window.
  6. Click the “Security” tab in the network properties window.
  7. Click the “Advanced settings” button.
  8. Toggle the “Enable Federal Information Processing Standards (FIPS) compliance for this network” option under 802.11 settings.

This setting can also be changed system-wide in the group policy editor. This tool is only available on Professional, Enterprise, and Education versions of Windows–not Home versions. You can only use the local group policy editor to change this tool if you’re on a computer that isn’t joined to a domain that’s managing your computer’s group policy settings for you.

Computer within Domain

If your computer is joined to a domain and the group policy settings are centrally managed by your organization, you won’t be able to change it yourself. To change this setting in Group Policy:

  1. Press Windows Key+R to open the Run dialog.
  2. Type “gpedit.msc” into the Run dialog box (without the quotes) and press Enter.
  3. Navigate to “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options” in the Group Policy Editor.
  4. Locate the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” setting in the right pane and double-click it.
  5. Set the setting to “Disabled” and click “OK.”
  6. Restart the computer.

Using Registry

  1. Press Windows Key+R to open the Run dialog.
  2. Type “regedit” into the Run dialog box (without the quotes) and press Enter.
  3. Navigate to: “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\”.
  4. Look at the “Enabled” value in the right pane. If it’s set to “0”, FIPS mode is disabled. If it’s set to “1”, FIPS mode is enabled. To change the setting, double-click the “Enabled” value and set it to either “0” or “1”.
  5. Restart the computer.

Further References

  1. Microsoft Technet

Leave a Comment