000023915 - For Windows 2003 (32-bit and 64-bit), OS security has been enhanced and as such, has the following effects:

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000023915
Applies To: RSA enVision, Microsoft Remote Desktop, RDP, terminal, service, security, Microsoft Windows, microsoft
Issue: For Windows 2003 (32-bit and 64-bit), OS security has been enhanced and as such, has the following effects:
Resolution

The enVision appliance OS using Windows 2003 has been configured to require strong encryption to be negotiated for applications that must use the cryptographic services. Strong encryption may be Federal Information Processing Standard (FIPS)-compliant encryption.

  1. This setting ("System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing") affects Terminal Services in Microsoft Windows Server 2003. By default, when this setting is not enabled on the client or on the server, the Remote Desktop Protocol (RDP) channel between the server and the client is encrypted by using the RC4 algorithm with a 56-bit key length. After this setting is enabled, the RDP channel is encrypted by using 3DES in Cipher Block Chaining (CBC) mode with a 128-bit key length, if the client supports it. Also, the client must use RDP client version 5.2 or a later version to connect.
  2. Encrypting File System (EFS) is also affected by this setting. By default, Windows XP uses the Data Encryption Standard (DESX) algorithm with a 56-bit key length. If the Windows high encryption pack is installed, the key length for this algorithm is Triple-DES (3DES) or 128 bits. By default, on Windows XP Service Pack 1 (SP1)-based and Windows Server 2003-based computers, EFS uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key length. However, if you enable the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting on these computers, the operating system will use 3DES with a 128-bit key length instead.

    More information can be found at http://support.microsoft.com/kb/811833
  3. Installing applications via RDP

    Installation of Windows applications via RDP is no longer available. All applications must be installed via local KVM access or via the DRAC on the 60-series hardware.
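
A read-only check for the setting described in items 1 and 2, as an added example that is not part of the RSA article: it reports whether the FIPS policy is enabled and which minimum encryption level the RDP listener enforces. The function name Get-FipsRdpState is hypothetical, and the registry locations are assumptions taken from Microsoft's documentation of this policy and of the RDP-Tcp listener, not from the article.

```powershell
# Added example (not from the RSA article): read-only audit, PowerShell 2.0 compatible.
# Get-FipsRdpState is a hypothetical name; the registry locations are assumptions taken
# from Microsoft's documentation of the FIPS policy and the RDP-Tcp listener.
function Get-FipsRdpState {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # Windows XP / Server 2003 store the policy as a DWORD value directly under Lsa.
    $fips = $null
    $old = Get-ItemProperty -Path $lsa -Name FIPSAlgorithmPolicy -ErrorAction SilentlyContinue
    if ($old) { $fips = [int]$old.FIPSAlgorithmPolicy }

    # Later Windows versions use a subkey with an "Enabled" value instead.
    if ($fips -eq $null) {
        $new = Get-ItemProperty -Path "$lsa\FIPSAlgorithmPolicy" -Name Enabled -ErrorAction SilentlyContinue
        if ($new) { $fips = [int]$new.Enabled }
    }

    # Minimum encryption level enforced by the RDP listener.
    $names = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
    $level = 'not set'
    $min = Get-ItemProperty -Path $rdp -Name MinEncryptionLevel -ErrorAction SilentlyContinue
    if ($min) {
        $n = [int]$min.MinEncryptionLevel
        if ($names.ContainsKey($n)) { $level = $names[$n] } else { $level = "unknown ($n)" }
    }

    # Summarise the effect the article attributes to the setting.
    $enabled = ($fips -eq 1)
    $effect = 'Default RDP and EFS algorithms apply'
    if ($enabled) { $effect = 'RDP uses 3DES-CBC; clients need RDP 5.2 or later; EFS uses 3DES' }

    New-Object PSObject -Property @{
        FipsPolicyFound   = ($fips -ne $null)
        FipsPolicyEnabled = $enabled
        RdpMinEncryption  = $level
        EffectPerArticle  = $effect
    }
}

Get-FipsRdpState | Format-List
```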

Legacy Article ID: a36755
