Setting Windows Ciphers and Cipher Suites in Windows for a large number (500+ Servers)
We have a large number of servers here (5-700) 2008 and 20012R2 and need to set them to PCI standards. We Can obviously use the IISCrypto tool to do the setting on a server by server basis but to do this on the large number of remote VMs is painful at best and horribly time consuming. We were able to use registry settings to turn off SSL v3 etc. here but can't see a way to do the same thing for the Ciphers and Cipher SUites. Can anyone suggest a way to do this quickly with a reg file or such? We use a tool called KACE that could deploy or run a batch file etc. Screen capture is attached showing what we need off. IISCrypto-DisabledCipherSuites.JPG
* ciphersEncryptionOS SecurityWindows Server 2008Windows OS
THe thought we had was could we USe IISCrypto and Set up one system as needed then export the key as you suggested Patrick. Not sure if that will show the Ciphers or not. We'll try it here and see what it looks like. We WERE able to do that for the SSL items. Might be a day or 3 for results please be patient.
Ended up using regdiff take before and after snapshots on a clean server with IIScrypto to get the chages as a .reg file we could apply. Patrick that is appropriate.
Patrick Bogers
Thank you for feedback.
If my proposal is appropiate why did you offer all points to btan?
http://windowsitpro.com/windows/disabling-rc4-cipher
I have a reg key to disable RC4 cipher let me check and will post it