Determine TLS Registry Entries

berketjune2012 371 Reputation points
2021-07-28T14:28:43.99+00:00

Hello

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761

As per this article, is it possible to create a PowerShell script that will check the registry settings and report back?


2 answers

  1. Rich Matheisen 46,796 Reputation points
    2021-07-29T02:23:15.207+00:00

    You can use the Get-ItemProperty cmdlet to get the values of the keys that contain the information. I'm not sure what you mean by "check the values", though. It's certainly possible to use the values you retrieve in conditional statements. As for "reporting", sure; you can use PowerShell to tell you what the values are, or the results of whatever conditional statements you write.

    The link you cited seems to provide you with keys in the registry you'd be interested in.


  2. Ian Xue 37,181 Reputation points Microsoft Vendor
    2021-07-29T02:26:37.99+00:00

    Hi,

    You can get the value name and data of specified registry entries using the Get-ItemPropertyValue cmdlet.
    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-itemproperty

    To get the registry values from the link you provided you can try this.

    #Schannel  
    $schannel_client = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"  
    $schannel_server = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"  
    Get-ItemProperty -Path $schannel_client -Name "DisabledByDefault"  
    Get-ItemProperty -Path $schannel_client -Name "Enabled"  
    Get-ItemProperty -Path $schannel_server -Name "DisabledByDefault"  
    Get-ItemProperty -Path $schannel_server -Name "Enabled"  
      
    #.NET 3.5  
    $dotnet35_64 = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"  
    $dotnet35_32 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727"  
    Get-ItemProperty -Path $dotnet35_64 -Name "SystemDefaultTlsVersions"  
    Get-ItemProperty -Path $dotnet35_32 -Name "SystemDefaultTlsVersions"  
      
    #.NET 4.x  
    $dotnet4x_64 = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"  
    $dotnet4x_32 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319"  
    Get-ItemProperty -Path $dotnet4x_64 -Name "SystemDefaultTlsVersions"  
    Get-ItemProperty -Path $dotnet4x_32 -Name "SystemDefaultTlsVersions"  
    

    Best Regards,
    Ian Xue


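Added example (not part of either answer above and not Microsoft's own script): a report that reads the registry values listed in the second answer and marks each one as OK, Mismatch, ValueMissing or KeyMissing. The expected data (DisabledByDefault = 0, Enabled = 1, SystemDefaultTlsVersions = 1) is an assumption, taken as the settings that enable TLS 1.2 per the linked guidance; the function name Test-TlsRegistryValue is hypothetical.

```powershell
# Build the list of checks. Paths and value names are those from the answer above;
# the Expected data is an assumption (settings that enable TLS 1.2). Adjust to your baseline.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$checks = @()
foreach ($role in 'Client', 'Server') {
    $checks += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Expected = 0 }
    $checks += @{ Path = "$schannel\$role"; Name = 'Enabled';           Expected = 1 }
}
foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        $checks += @{ Path = "$root\.NETFramework\$ver"; Name = 'SystemDefaultTlsVersions'; Expected = 1 }
    }
}

# Hypothetical helper: read one value and classify it without throwing
# when the key or the value does not exist.
function Test-TlsRegistryValue {
    param([string]$Path, [string]$Name, [int]$Expected)
    $actual = $null
    $status = 'KeyMissing'
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $status = 'ValueMissing'
        } else {
            $actual = $item.$Name
            $status = if ($actual -eq $Expected) { 'OK' } else { 'Mismatch' }
        }
    }
    [pscustomobject]@{
        Path = $Path; Name = $Name; Expected = $Expected; Actual = $actual; Status = $status
    }
}

# Run every check and print the report.
$report = foreach ($check in $checks) { Test-TlsRegistryValue @check }
$report | Format-Table -AutoSize -Wrap

# KeyMissing / ValueMissing means the setting is not explicitly configured,
# so the operating system or .NET default applies on that server.
$notOk = @($report | Where-Object Status -ne 'OK')
if ($notOk.Count -gt 0) {
    Write-Warning "$($notOk.Count) of $($report.Count) TLS registry values are missing or differ from the expected data."
}
```

Run it in an elevated PowerShell session on each Exchange server; piping `$report` to `Export-Csv` instead of `Format-Table` gives a file that can be compared across servers.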
