April 16, 2003

Windows Update and the NSA Security Template

Today, just after installing Windows XP I applied the US National Security Agency's security template to the workstation, after which Windows Update promptly stopped to work. It seemed not to be able to get in touch with the server.

To resolve the situation I had to roll back to some time before I applied the template. Has anyone ever seen this problem before?

Posted by ludvig at April 16, 2003 11:05 PM | TrackBack
Comments

Just have seen this on two separate XP SP1 machines I applied the template to. Somehow in applying the template it screws up ssl connectivity in IE.

I was able to get Windowsupdate to work again by going into advanced settings in IE, unchecking SSL 2.0, 3.0 and TLS 1.0, restarting IE, going to the settings, rechecking them all, restarting IE, and windowsupdate works. There are still other SSL sites that I have not been able to get to work, and I can't see a real solid correlation between those that dont and those that do, perhaps Verisign V3 SSL?

Posted by: rc at October 31, 2003 07:05 PM

OK. It turns out it is one setting:

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=1

If you change that to a zero, you turn off the FIPS requirement and IE/SSL will start to work again as well as windowsupdate. Either change it in the template using a text editor, or using the MMC Security template editor. The setting you look for in MMC is found in Local Policies->Security Options and is called:

System Cryptography: Use FIPS Compliant algorithms for encryption, hashing, and signing.

Set that to disable and you're off.

Posted by: rc at November 3, 2003 07:10 PM

porn sex ass sex

Posted by: Rkarmkhd at October 9, 2006 02:31 AM

downloadable indian songs indian teens fucked

Posted by: Vmmlacym at October 10, 2006 03:18 AM
Post a comment









Remember personal info?