• Home
  • |
  • Blog
  • |
  • How to Disable TLS 1.0 and TLS 1.1 via Group Policy
How to Disable TLS 1.0 and TLS 1.1 via Group Policy

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

We have covered how to disable TLS 1.0 and TLS 1.1 on Windows Server in the previous post. That lets you know how to disable TLS protocols on a Windows Server locally. If you try disabling deprecated TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to disable TLS 1.0 and TLS 1.1 via Group Policy.

Without further due, let’s see how to disable TLS 1.0 and TLS 1.1 via Group Policy.

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

Time needed: 15 minutes.

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

  1. Open regedit utility

    Open Group Policy Management (gpmc.msc) in a Domain Controller.

    Open Group Policy Management in a Domain Controller

  2. Creating a GPO in the Domain Controller

    Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.

    Create a GPO in the Domain Controller

  3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’

    Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU. 

    Rename the GPO to 'Disable_TLS 1.0_TLS 1.1'

  4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO

    Right-click the Policy and click on ‘Edit’.

    Edit the 'Disable_TLS 1.0_TLS 1.1' GPO

  5. Create Registry Item in Group Policy

    Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
    Create a new Registry by Right click on the blank space and selecting New –> Registry Item.

    Create Registry Item in Group Policy

  6. Update Registry Properties

    In new Registry Properties, update the details as below and click on ‘OK’.
    Action: Update
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
    Value name: Enabled
    Value type: REG_DWORD
    Value data: 0
    Base: Hexadecimal   
             Update Registry Properties

  7. [OPTIONAL] Commands to create Registry Item in Group Policy

    Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,

    Commands to create Registry Item in Group Policy

  8. [OPTIONAL] List of Registry Items in Group Policy

    The image shows the list of Registry items created in Group Policy.List of Registry Item in Group Policy

We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instgaram, and subscribe to receive updates like this.

Keep Reading:

About the author

Author Image

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

  2. Hi!
    Thank you for this informations.

    I ran in a trap: Is there a typo under #7? There you have "DisableByDefault"… i think it should be "DisabledByDefault". # 8 shows the right Key syntax.

    Kind regards

    Alex Reil

    Reply

  3. This was super helpful Arun. Thank you. Under 7 the example shows the incorrect registry entry but it correct under 8.

    Best Regards,

    Reply
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.