yesterday
Hi,
As Microsoft requires all resources which interact with Azure services to be using TLS 1.2 or higher as of 31 October 2024 we were looking to create a Lansweeper report which can identify the TLS version used in our network. On our DC's we've already manualy disabled TLS 1.0. But is there a report available that lists which TLS version is used by all resources in the network?
Thanks in advance for your reply.
yesterday
Real basic report that you can expand upon, but it requires registry keys to be scanned. Add these examples to your Custom Registry Scanning list. Here I've just thrown together two keys to scan for.
and
Report
Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Inner Join tblRegistry On tblassets.AssetID = tblRegistry.AssetID
Where tblRegistry.Regkey Like '%TLS%' And tblassetcustom.State = 1
Depending on your needs Microsoft also lists these additional ones below. See the article https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hell... for more information.
For example, here are some valid registry paths with version-specific subkeys:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Enabled
state, create a DWORD registry value named Enabled
with an entry value of "1" under the corresponding version-specific subkey.
Good luck.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now