How to Disable TLS 1.0 and TLS 1.1 via Group Policy
- Open regedit utility
Open Group Policy Management (gpmc.msc) in a Domain Controller.
2. Creating a GPO in the Domain Controller
Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.
3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’
Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.
4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO
Right-click the Policy and click on ‘Edit’.
5. Create Registry Item in Group Policy
Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting New –> Registry Item.
6. Update Registry Properties
In new Registry Properties, update the details as below and click on ‘OK’.
Key Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
Value name: Enabled
Value type: REG_DWORD
Value data: 0
7. [OPTIONAL] Commands to create Registry Item in Group Policy
Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,
8. [OPTIONAL] List of Registry Items in Group Policy
The image shows the list of Registry items created in Group Policy.
We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure.