You must enable FIPS mode in the client operating system before you run the client installer if you plan to install Horizon Client with FIPS-compliant cryptography.

When FIPS (Federal Information Processing Standard) mode is enabled in the client operating system, applications are informed that they should only use cryptographic algorithms that are FIPS-140 compliant and in compliance with FIPS-approved modes of operation. You can enable FIPS mode by enabling a specific security setting, either in the Local Security Policy or as part of Group Policy or by editing a Windows Registry key.

Important:

Installing Horizon Client with FIPS-compliant cryptography is supported only for clients with Windows 7 SP1 operating systems.

For more information about FIPS support, which is available with Horizon 6 version 6.2 or later, see the View Installation document.

Setting the Configuration Property

To enable FIPS mode in the client operating system, you can either use a Windows GPO or use a Windows Registry setting for the client computer.

  • To use the GPO setting, open the Group Policy Editor and navigate to:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

    Enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.

  • To use the Windows Registry, go to the following Registry key:

    HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled

    To enable FIPS mode, set Enabled to 1.

For more information about FIPS mode, go to https://support.microsoft.com/en-us/kb/811833.

Important:

If you do not enable FIPS mode before running the client installer, you will not see the installer option to use FIPS-compliant cryptography. If you install Horizon Client without this option and you later decide to use this option, you must uninstall the client, enable FIPS mode in the client operating system, and run the client installer again.