This article only applies to Squared Up Version 2.0. If you're looking for help with Squared Up Version 3.0, please visit our new knowledge base
Squared Up does not have any storage - whether internally or externally - of user details or passwords. All passwords and encryption are handled by SCOM and Windows itself. Non-compliant cryptographic hashes are only used by the licensing/activation component of the product. They are not used for secure communication or the handling of user credentials.
- Squared Up will not function in a FIPS enforced environment ("FIPS mode").
- Disabling FIPS compliance at application-level is insufficient if FIPS mode is enabled system-wide.
- FIPS compliance must be disabled system-wide for Squared Up to operate.
Unless you are under specific government mandate, please note that for technical reasons, Microsoft no longer advises the use of FIPS mode (relevant security baseline document here). The following paragraph is particularly important to keep in mind when considering turning FIPS on or off:
"Further, FIPS mode does not and cannot ensure that applications even use encryption at all when appropriate. There is nothing Windows can do to prevent an application from saving plaintext passwords or other sensitive data in unprotected files or registry values. The bottom line here is that just because a software product works when FIPS mode is enabled does not mean that it adheres to government standards."
Additionally, the validity of the FIPS standard has been brought into question by the association between Dual_EC_DRBG and FIPS-140-2 certification
Troubleshooting FIPS on legacy Windows Server 2003 domain controllers
When FIPS mode has been enabled for Windows Server 2003 domain controllers a different registry key to the Windows Server 2008 registry key is set. On legacy Windows Server 2003 domain controllers you may need to disable FIPS mode by modifying the the following registry key:
Windows Server 2003
Windows Server 2008
Without this disabled you may see the following error messages when accessing Squared Up:
"Exception has been thrown by the target of an invocation"
"This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms"