How to Disable TLS 1.0 and TLS 1.1 via Group Policy

We have covered how to disable TLS 1.0 and TLS 1.1 on Windows Server in the previous post. That lets you know how to disable TLS protocols on a Windows Server locally. If you try disabling deprecated TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to disable TLS 1.0 and TLS 1.1 via Group Policy.

Without further due, let’s see how to disable TLS 1.0 and TLS 1.1 via Group Policy.

How to Disable TLS 1.0 and TLS 1.1 via Group Policy

Step 1. Open regedit utility

Open Group Policy Management (gpmc.msc) in a Domain Controller.

Step 2. Creating a GPO in the Domain Controller

Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.

Step 3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’

Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU. 

Step 4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO

Right-click the Policy and click on ‘Edit’.

Step 5. Create Registry Item in Group Policy

Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting New –> Registry Item.

Step 6. Update Registry Properties

In new Registry Properties, update the details as below and click on ‘OK’.Action: UpdateHive: HKEY_LOCAL_MACHINEKey Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientValue name: EnabledValue type: REG_DWORDValue data: 0Base: Hexadecimal            

Step 7. [OPTIONAL] Commands to create Registry Item in Group Policy

Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,

Step 8. [OPTIONAL] List of Registry Items in Group Policy

The image shows the list of Registry items created in Group Policy.

We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instgaram, and subscribe to receive updates like this.