If you plan to install Horizon Client with Federal Information Processing Standard (FIPS) compliant cryptography, you must enable FIPS mode in the client operating system before you run the Horizon Client installer.

When FIPS mode is enabled in the client operating system, applications use only cryptographic algorithms that are FIPS-140 compliant and in compliance with FIPS-approved modes of operation. You can enable FIPS mode by enabling a specific security setting, either in the Local Security Policy or as part of Group Policy, or by editing a Windows Registry key.

For more information about FIPS compliance, see the Horizon 8 Installation and Upgrade document.

Setting the FIPS Configuration Property

To enable FIPS mode in the client operating system, you can use a Windows group policy setting or a Windows Registry setting for the client computer.

  • To use the group policy setting, open the Group Policy Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.
  • To use the Windows Registry, go to HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled and set Enabled to 1.

For more information about FIPS mode, go to https://support.microsoft.com/en-us/kb/811833.

Important: If you do not enable FIPS mode before running the Horizon Client installer, the installer option to use FIPS-compliant cryptography does not appear during a custom installation. FIPS-compliant cryptography is not enabled during a typical installation. If you install Horizon Client without the FIPS-compliant cryptography option and you later decide to use the option, you must uninstall the client, enable FIPS mode in the client operating system, and run the Horizon Client installer again.