Resources for deprecated features
This article provides additional resources about deprecated features for Windows client that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
VBScript will be available as a feature on demand before being retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript.
TLS versions 1.0 and 1.1 disablement resources
Over the past several years, internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 are disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1.
The following information can help IT professionals to:
- Identify issues related to TLS 1.0 and 1.1 disablement
- Re-enable TLS 1.0 and 1.1, if needed
For developer guidance and for a list of common applications known to rely on TLS 1.0 or 1.1, see the Announcing the disablement of TLS 1.0 and TLS 1.1 in Windows blog post.
TLS diagnostic events
Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System Event Log, SChannel EventID 36871 may be logged with the following description:
A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>.
TLS 1.0 and 1.1 guidance for IT professionals
The impact of disabling TLS versions 1.0 and 1.1 depends on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 are already disabled by Microsoft 365 products as well as WinHTTP and WinINet API surfaces. Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to discover if a newer version of the application has TLS 1.2 or TLS 1.3 support.
Using the system default settings for the best balance of security and performance is recommended. Organizations that limit TLS cipher suites using Group Policy or PowerShell cmdlets should also verify that cipher suites needed for TLS 1.3 and TLS 1.2 are enabled.
If there are no alternatives available and TLS 1.0 or TLS 1.1 is needed, the protocol versions can be re-enabled with a system registry setting. To override a system default and set a (D)TLS or SSL protocol version to the Enabled state:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled" = dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled" = dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled" = dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled" = dword:00000001
Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort, and as a temporary solution until incompatible applications can be updated or replaced. Support for these legacy TLS versions may be completely removed in the future.
Microsoft Support Diagnostic Tool resources
The Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been redirected to the Get Help platform, while the other half will be retired.
If you're using MSDT to run custom troubleshooting packages, it will be available as a feature on demand before the tool is fully retired in 2025. This change allows you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. Contact Microsoft support for Windows if you require more assistance.
Redirected MSDT troubleshooters
The following troubleshooters are automatically redirected when you access them from Start > Settings > System > Troubleshoot:
- Background Intelligent Transfer Service (BITS)
- Internet Connections
- Network Adapter
- Playing Audio
- Program Compatibility Troubleshooter
- Recording Audio
- Video Playback
- Windows Network Diagnostics
- Windows Media Player DVD
- Windows Media Player Library
- Windows Media Player Settings
- Windows Update
Retired MSDT troubleshooters
The following troubleshooters will be removed in a future release of Windows:
- Connection to a Workplace using DirectAccess
- Devices and Printers
- Hardware and Devices
- Incoming Connections
- Internet Explorer Performance
- Internet Explorer Safety
- Search and Indexing
- System Maintenance
- Shared Folders
- Windows Store Apps