本文档指导如何在Windows中通过组策略设置客户端连接的加密级别,包括‘客户端兼容’、‘高级别’和‘低级别’。同时,详细说明了启用符合FIPS(Federal Information Processing Standards)的加密方法,涉及到‘系统加密: 使用FIPS兼容的算法来加密、哈希和签名’的设置,以确保系统的安全性和合规性。
1.打开“组策略”。
2.在“计算机配置”、“管理模板”、“Windows
组件”、“终端服务”、“加密与安全性”中双击“设置客户端连接加密级别”设置,然后单击“启用”。
3.要设置加密级别,请执行以下操作之一:
◦要将加密级别设置成“客户端兼容”、“高级别”或“低级别”,请在“加密级别”列表中,单击所需要的级别,然后单击“确定”。有关这些加密级别的信息,请参阅本主题结尾的“注意”。
◦要启用符合 FIPS
的加密,请单击“确定”以关闭“设置客户端连接加密级别属性”对话框,然后导航至“计算机配置”、“Windows
设置”、“安全设置”、“本地策略”、“安全选项”。双击“系统加密: 使用 FIPS
兼容的算法来加密、哈希和签名”,然后单击“启用”。
EN
1.Open Group Policy.
2.In Computer Configuration,
Administrative Templates, Windows Components, Terminal Services,
Encryption and Security, double-click the Set client connection
encryption level setting, and then click Enabled.
3.To set the encryption level, do
one of the following:
◦To set the encryption level to
Client Compatible, High Level, or Low Level, in the Encryption
Level list, click the level that you want, and then click OK. For
information about these encryption levels, see Note, at this end of
this topic.
◦To enable FIPS compliant
encryption, click OK to close the Set client connection encryption
level Properties dialog box, and then navigate to Computer
Configuration, Windows Settings, Security Settings, Local Policies,
Security Options. Double-click System cryptography: Use FIPS
compliant algorithms for encryption, hashing, and signing, and then
click Enabled.
4.If you set the encryption level
to High Level or if you enabled FIPS compliant encryption and you
want to use Transport Level Security (TLS) 1.0 to authenticate the
server, you must enable TLS by using the Terminal Services
Configuration tool and meet additional configuration
requirements.
917
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
