Best global way to remove SSLv3 and move machines to TLS on a small enterprise network

Wanted to see what was the best possible way to remove SSLv3/disable and move machine to TLS on nearly 200 servers.  I believe the best possible way to do this would be the use of GPO.  Any suggestions on how to implement this.
cgooden01Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
R. Toby RichardsConnect With a Mentor Network AdministratorCommented:
The GPO can be found here:

Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page/Turn off encryption support

Open in new window


If you're still running a Windows 2003 Domain Controller, then you won't have the proper options in that GPO. Here is the way to get Windows Server 2012 GPO's and GPO options in a Windows 2003 Domain:

1.      Have a Windows Server 2012 member server.*
2.      Use the Server Manager to “Add Roles and Features”
3.      Add the Active Directory Domain Services feature, and restart.
4.      Copy all of the files inside your Windows Server 2012’s C:\WINDOWS\PolicyDefinitions\ folder to a Windows 2003 Domain Controller’s C:\WINDOWS\SYSVOL\domain\Policies\PolicyDefinitions\ folder.
5.      Launch the Group Policy Management Console on the Windows 2012 server.
6.      Right-click your domain, and select, “Change Domain Controller”.
7.      Select “This Domain Controller:”, and click on the domain controller that you copied the Policy Definition files to. Click OK.
8.      You will now be able to configure all Windows 2012 Group Policy Objects from your Windows 2012 Member Server, and your domain will push those policies to the appropriate users and/or computers.

* Windows 8.0 or 8.1 will also work, but before step 2, you have to install Microsoft’s Remote System Administration Toolkit (RSAT). Also, with Windows 8.x the “Add Roles and Features” option is in the Control Panel/Programs and Features. Click “Turn Windows features on or off” in the upper left quadrant of the window.

RSAT for Windows 8.0: http://www.microsoft.com/en-us/download/details.aspx?id=28972

RSAT for Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
cgooden01Author Commented:
Thanks for the quick response and complete resolution. This will work for me.  Thanks Again and Happy Friday
0
All Courses

From novice to tech pro — start learning today.