cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Sam_C
Engaged Sweeper
Hello,
Is there a Lansweeper report that would display servers that might still have TLS 1.0 enabled on them? Thanks.
1 REPLY 1
JacobH
Champion Sweeper III
I posted on this topic with an hold handle... but you would need to add a registry key...


From: https://www.lansweeper.com/forum/yaf_postst15025_Handy-files-or-registry-items-to-scan.aspx#post5106...



Make sure TLS 1.0 is disabled on servers:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0

Valuename: Enabled

Value = 0 (Disabled) Value = 1 (Enabled)

Then to start off, you can look at the report - Windows: Registry Scanning results and modify the WHERE clause to add:

WHERE

tblRegistry.regkey like '%HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0%' and tblRegistry.valuename = 'Enabled'