[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Best global way to remove SSLv3 and move machines to TLS on a small enterprise network

Posted on 2015-01-22
2
Medium Priority
?
249 Views
Last Modified: 2015-01-23
Wanted to see what was the best possible way to remove SSLv3/disable and move machine to TLS on nearly 200 servers.  I believe the best possible way to do this would be the use of GPO.  Any suggestions on how to implement this.
0
Comment
Question by:cgooden01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 2000 total points
ID: 40564472
The GPO can be found here:

Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page/Turn off encryption support

Open in new window


If you're still running a Windows 2003 Domain Controller, then you won't have the proper options in that GPO. Here is the way to get Windows Server 2012 GPO's and GPO options in a Windows 2003 Domain:

1.      Have a Windows Server 2012 member server.*
2.      Use the Server Manager to “Add Roles and Features”
3.      Add the Active Directory Domain Services feature, and restart.
4.      Copy all of the files inside your Windows Server 2012’s C:\WINDOWS\PolicyDefinitions\ folder to a Windows 2003 Domain Controller’s C:\WINDOWS\SYSVOL\domain\Policies\PolicyDefinitions\ folder.
5.      Launch the Group Policy Management Console on the Windows 2012 server.
6.      Right-click your domain, and select, “Change Domain Controller”.
7.      Select “This Domain Controller:”, and click on the domain controller that you copied the Policy Definition files to. Click OK.
8.      You will now be able to configure all Windows 2012 Group Policy Objects from your Windows 2012 Member Server, and your domain will push those policies to the appropriate users and/or computers.

* Windows 8.0 or 8.1 will also work, but before step 2, you have to install Microsoft’s Remote System Administration Toolkit (RSAT). Also, with Windows 8.x the “Add Roles and Features” option is in the Control Panel/Programs and Features. Click “Turn Windows features on or off” in the upper left quadrant of the window.

RSAT for Windows 8.0: http://www.microsoft.com/en-us/download/details.aspx?id=28972

RSAT for Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 

Author Comment

by:cgooden01
ID: 40566483
Thanks for the quick response and complete resolution. This will work for me.  Thanks Again and Happy Friday
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question