How to Enable TLS 1.2 and TLS 1.3 via Group Policy

We have covered how to enable TLS 1.2 and TLS 1.3 on Windows Server in the previous post. That lets you know how to enable TLS protocols on a Windows Server locally. If you try enabling TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to enable TLS 1.2 and TLS 1.3 via Group Policy. Since TLS 1.3 doesn’t support other than Windows 11 and Windows Server 2022, implement TLS 1.3 only to Windows 11 and Windows Server 2022 operating systems.

Without further due, let’s see how to enable TLS 1.2 and TLS 1.3 via Group Policy.

Time needed: 15 minutes.

How to Enable TLS 1.2 and TLS 1.3 via Group Policy

  1. Open regedit utility

    Open Group Policy Management (gpmc.msc) in a Domain Controller.Open Group Policy Management in a Domain Controller

  2. Creating a GPO in the Domain Controller

    Navigate to the OU where Policy to be linked and right click and select ‘Create a GP in this domain and Link it here’; In this demo selecting ‘Domain Controllers’ OU.Create a GPO in the Domain Controller

  3. Rename the GPO to ‘Enable_TLS 1.2_TLS 1.3’

    Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.Rename the GPO to 'Enable_TLS 1.2_TLS 1.3'

  4. Edit the ‘Enable_TLS 1.2_TLS 1.3’ GPO

    Right-click the Policy and click on ‘Edit’.Edit the 'Enable_TLS 1.2_TLS 1.3' GPO

  5. Create Registry Item in Group Policy

    Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry in Group Policy.
    Create new Registry by Right click on the blank space and select New –> Registry ItemCreate Registry Item in Group Policy

  6. Update Registry Properties

    In new Registry Properties update the details as below and click on ‘OK’.
    Action: Update
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/TLS 1.2/Client
    Value name: Enabled
    Value type: REG_DWORD
    Value data: 1
    Base: HexadecimalUpdate Registry Properties

  7. [OPTIONAL] Commands to create Registry Item in Group Policy

    Create few more keys. Well, you can create the way shown in the above steps or you can also use commands to create the new registry items.

    – Create a key ‘HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/TLS 1.2/Client/DisableByDefault’ and set the value as ‘0’
    – Create a key ‘HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/TLS 1.2/Server/Enabled’ and set the value as ‘1’
    – Create a key ‘HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/TLS 1.2/Server/DisableByDefault’ and set the value as ‘0’
    – Create a key ‘HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/HTTP/Parameters/EnableHttp3’ and set the value as ‘1’

  8. [OPTIONAL] List of Registry Item in Group Policy

    The image shows the list of Registry items created in Group Policy.List of Registry Item in Group Policy (1)

We hope this post will help you know how to enable TLS 1.2 and TLS 1.3 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/289032.html

(0)
上一篇 2022年9月15日
下一篇 2022年9月15日

相关推荐

发表回复

登录后才能评论