Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Disable TLS 1.0 and TLS 1.1 via Group Policy
February 7, 2024

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

How To Disable Tls 1 0 And Tls 1 1 Via Group Policy

We have covered how to disable TLS 1.0 and TLS 1.1 on Windows Server in the previous post. That lets you know how to disable TLS protocols on a Windows Server locally. If you try disabling deprecated TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to disable TLS 1.0 and TLS 1.1 via Group Policy.

Without further due, let’s see how to disable TLS 1.0 and TLS 1.1 via Group Policy.

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

Step 1. Open regedit utility

Open Group Policy Management (gpmc.msc) in a Domain Controller.

Step 2. Creating a GPO in the Domain Controller

Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.

Step 3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’

Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU. 

Step 4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO

Right-click the Policy and click on ‘Edit’.

Step 5. Create Registry Item in Group Policy

Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting
New –> Registry Item.

Step 6. Update Registry Properties

In new Registry Properties, update the details as below and click on ‘OK’.Action: UpdateHive: HKEY_LOCAL_MACHINEKey Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientValue name: EnabledValue type: REG_DWORDValue data: 0Base: Hexadecimal            

Step 7. [OPTIONAL] Commands to create Registry Item in Group Policy

Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,

Step 8. [OPTIONAL] List of Registry Items in Group Policy

The image shows the list of Registry items created in Group Policy.

We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instgaram, and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added


View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription