[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Best global way to remove SSLv3 and move machines to TLS on a small enterprise network

Posted on 2015-01-22
2
Medium Priority
?
251 Views
Last Modified: 2015-01-23
Wanted to see what was the best possible way to remove SSLv3/disable and move machine to TLS on nearly 200 servers.  I believe the best possible way to do this would be the use of GPO.  Any suggestions on how to implement this.
0
Comment
Question by:cgooden01
2 Comments
 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 2000 total points
ID: 40564472
The GPO can be found here:

Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page/Turn off encryption support

Open in new window


If you're still running a Windows 2003 Domain Controller, then you won't have the proper options in that GPO. Here is the way to get Windows Server 2012 GPO's and GPO options in a Windows 2003 Domain:

1.      Have a Windows Server 2012 member server.*
2.      Use the Server Manager to “Add Roles and Features”
3.      Add the Active Directory Domain Services feature, and restart.
4.      Copy all of the files inside your Windows Server 2012’s C:\WINDOWS\PolicyDefinitions\ folder to a Windows 2003 Domain Controller’s C:\WINDOWS\SYSVOL\domain\Policies\PolicyDefinitions\ folder.
5.      Launch the Group Policy Management Console on the Windows 2012 server.
6.      Right-click your domain, and select, “Change Domain Controller”.
7.      Select “This Domain Controller:”, and click on the domain controller that you copied the Policy Definition files to. Click OK.
8.      You will now be able to configure all Windows 2012 Group Policy Objects from your Windows 2012 Member Server, and your domain will push those policies to the appropriate users and/or computers.

* Windows 8.0 or 8.1 will also work, but before step 2, you have to install Microsoft’s Remote System Administration Toolkit (RSAT). Also, with Windows 8.x the “Add Roles and Features” option is in the Control Panel/Programs and Features. Click “Turn Windows features on or off” in the upper left quadrant of the window.

RSAT for Windows 8.0: http://www.microsoft.com/en-us/download/details.aspx?id=28972

RSAT for Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 

Author Comment

by:cgooden01
ID: 40566483
Thanks for the quick response and complete resolution. This will work for me.  Thanks Again and Happy Friday
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question