Remote Desktop TLS 1.0

bsjj2727
bsjj2727 used Ask the Experts™
on
I'm seeing on my vulnerability scans that all my servers are vulnerable to TLS 1.0 for Remote Desktop.  I fun Server 2008 R2 and 2012.  We only use it for administration of the server, anyone have a strait forward way to force 1.2 on these servers?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018
Commented:
Yes sir
run my script on an administrative PowerShell shell:

https://gallery.technet.microsoft.com/office/Enable-TLS11-and-TLS12-in-f41c9ab0

Or use this one,
And prevent the SWEET32 in the same path.

https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

Author

Commented:
I just gave this a shot, now I can't connect over RDP, getting "An internal error has occurred". Any ideas?
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
That's odd.

Try this one (does the same thing) but it affects way much more Registries

https://www.nartac.com/Products/IISCrypto

There's a Best Practices selection. then apply and then reboot.

Thank you for the feedback I'll Check the script. which one did you use?
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Commented:
You script had a syntax error was missing a /168 so it should be HKLM\system\currentcontrolset\control\securityprovidors\schannel\ciphers\Triple DES 168/168 once i added the /168 i could connect via RDP
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
Great Thanks you!
Jose Gabriel Ortega CastroTop Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
I've updated my script, so feel free to download and use it again.

https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

Thank you once again and don't forget to mark the answers :)
Seth SimmonsSr. Systems Administrator

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- bsjj2727 (https:#a42287191)
-- Jose Ortega (https:#a42287099)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial