April 16, 2003
Windows Update and the NSA Security Template
Today, just after installing Windows XP I applied the US National Security Agency's security template to the workstation, after which Windows Update promptly stopped to work. It seemed not to be able to get in touch with the server.
To resolve the situation I had to roll back to some time before I applied the template. Has anyone ever seen this problem before?
Posted by ludvig at April 16, 2003 11:05 PM
Just have seen this on two separate XP SP1 machines I applied the template to. Somehow in applying the template it screws up ssl connectivity in IE.
I was able to get Windowsupdate to work again by going into advanced settings in IE, unchecking SSL 2.0, 3.0 and TLS 1.0, restarting IE, going to the settings, rechecking them all, restarting IE, and windowsupdate works. There are still other SSL sites that I have not been able to get to work, and I can't see a real solid correlation between those that dont and those that do, perhaps Verisign V3 SSL?
OK. It turns out it is one setting:
If you change that to a zero, you turn off the FIPS requirement and IE/SSL will start to work again as well as windowsupdate. Either change it in the template using a text editor, or using the MMC Security template editor. The setting you look for in MMC is found in Local Policies->Security Options and is called:
System Cryptography: Use FIPS Compliant algorithms for encryption, hashing, and signing.
Set that to disable and you're off.
downloadable indian songs indian teens fucked