Solved

Best global way to remove SSLv3 and move machines to TLS on a small enterprise network

Posted on 2015-01-22
2
232 Views
Last Modified: 2015-01-23
Wanted to see what was the best possible way to remove SSLv3/disable and move machine to TLS on nearly 200 servers.  I believe the best possible way to do this would be the use of GPO.  Any suggestions on how to implement this.
0
Comment
Question by:cgooden01
2 Comments
 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 500 total points
ID: 40564472
The GPO can be found here:

Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page/Turn off encryption support

Open in new window


If you're still running a Windows 2003 Domain Controller, then you won't have the proper options in that GPO. Here is the way to get Windows Server 2012 GPO's and GPO options in a Windows 2003 Domain:

1.      Have a Windows Server 2012 member server.*
2.      Use the Server Manager to “Add Roles and Features”
3.      Add the Active Directory Domain Services feature, and restart.
4.      Copy all of the files inside your Windows Server 2012’s C:\WINDOWS\PolicyDefinitions\ folder to a Windows 2003 Domain Controller’s C:\WINDOWS\SYSVOL\domain\Policies\PolicyDefinitions\ folder.
5.      Launch the Group Policy Management Console on the Windows 2012 server.
6.      Right-click your domain, and select, “Change Domain Controller”.
7.      Select “This Domain Controller:”, and click on the domain controller that you copied the Policy Definition files to. Click OK.
8.      You will now be able to configure all Windows 2012 Group Policy Objects from your Windows 2012 Member Server, and your domain will push those policies to the appropriate users and/or computers.

* Windows 8.0 or 8.1 will also work, but before step 2, you have to install Microsoft’s Remote System Administration Toolkit (RSAT). Also, with Windows 8.x the “Add Roles and Features” option is in the Control Panel/Programs and Features. Click “Turn Windows features on or off” in the upper left quadrant of the window.

RSAT for Windows 8.0: http://www.microsoft.com/en-us/download/details.aspx?id=28972

RSAT for Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 

Author Comment

by:cgooden01
ID: 40566483
Thanks for the quick response and complete resolution. This will work for me.  Thanks Again and Happy Friday
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now