How to Disable TLS 1.0 and TLS 1.1 via Group Policy
- Open regedit utility
Open Group Policy Management (gpmc.msc) in a Domain Controller.
2. Creating a GPO in the Domain Controller
Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.
3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’
Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.
4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO
Right-click the Policy and click on ‘Edit’.
5. Create Registry Item in Group Policy
Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting New –> Registry Item.
6. Update Registry Properties
In new Registry Properties, update the details as below and click on ‘OK’.
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
Value name: Enabled
Value type: REG_DWORD
Value data: 0
Base: Hexadecimal
7. [OPTIONAL] Commands to create Registry Item in Group Policy
Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,
![[OPTIONAL] Commands to create Registry Item in Group Policy](https://miro.medium.com/v2/resize:fit:700/0*MM9Q3YfHpgsZCHBm.png)
8. [OPTIONAL] List of Registry Items in Group Policy
The image shows the list of Registry items created in Group Policy.
![[OPTIONAL] List of Registry Items in Group Policy](https://miro.medium.com/v2/resize:fit:700/0*xlxphJpgEiXvs7jH.png)
We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure.
Ref: How to Disable TLS 1.0 and TLS 1.1 via Group Policy – The Sec Master