We have covered how to disable TLS 1.0 and TLS 1.1 on Windows Server in the previous post. That lets you know how to disable TLS protocols on a Windows Server locally. If you try disabling deprecated TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to disable TLS 1.0 and TLS 1.1 via Group Policy.
Without further due, let’s see how to disable TLS 1.0 and TLS 1.1 via Group Policy.
How to Disable TLS 1.0 and TLS 1.1 via Group Policy
Time needed: 15 minutes.
How to Disable TLS 1.0 and TLS 1.1 via Group Policy
- Open regedit utilityOpen Group Policy Management (gpmc.msc) in a Domain Controller.
- Creating a GPO in the Domain ControllerNavigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.
- Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.
- Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPORight-click the Policy and click on ‘Edit’.
- Create Registry Item in Group PolicyNavigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting New –> Registry Item.
- Update Registry PropertiesIn new Registry Properties, update the details as below and click on ‘OK’.
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client
Value name: Enabled
Value type: REG_DWORD
Value data: 0
Base: Hexadecimal
- [OPTIONAL] Commands to create Registry Item in Group PolicySimilar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,
- [OPTIONAL] List of Registry Items in Group PolicyThe image shows the list of Registry items created in Group Policy.
