Hi Babar Zaheer,
Thank you for posting in Q&A.
Permanently disabling TLS 1.0 and 1.1 on a Windows OS level to the point where it cannot be overridden via registry changes is not a standard feature provided by the OS. The typical method to disable these protocols is through registry edits, which, as you mentioned, can be overridden.
As for your second question, disabling TLS 1.0 and 1.1 at the Windows OS level should effectively block all applications running on the OS from using TLS 1.0 and 1.1, as these protocols are part of the Windows Secure Channel (Schannel) security package. It's recommended to also check the specific configurations of the applications running on the OS because they may have their own mechanisms to handle TLS.
Best Regards,
Ian Xue
If the Answer is helpful, please click "Accept Answer" and upvote it.