Objective
Provide a guideline on how to properly disable TLS 1.0 in Windows Server.
Prerequisites
None.
Steps
Step 1: Disable TLS 1.0
On your Windows Server, enter Windows key + R
Then, enter regedit and press Enter.
Next, navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Then, right-click on the Protocols key, select New > Key. Type TLS 1.0 as the name.
Afterwards, create 2 more keys under TLS 1.0 named Client and Server.
Next, on the Client key, right-click and select New > DWORD 32-bit value. And then, Enter Enabled as the name while 1 as the Decimal Value.
Step 2: Local Policy Modification
This step is only applicable if you have a RDS setup.
To modify your local policy, navigate to Group Policy Editor.
Next, navigate to
Computer Configuration\Administrative Templates\Windows\Components\Remote Desktop Services\Remote Desktop Session Host\Security
Then, select the policy Require use of specific security layer for remote (RDP) connections.
Finally, set it to Enabled with Negotiate.