This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- TLS version report
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11 hours ago
Hi,
As Microsoft requires all resources which interact with Azure services to be using TLS 1.2 or higher as of 31 October 2024 we were looking to create a Lansweeper report which can identify the TLS version used in our network. On our DC's we've already manualy disabled TLS 1.0. But is there a report available that lists which TLS version is used by all resources in the network?
Thanks in advance for your reply.
Labels:
- Labels:
-
Other Report Topics
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
45m ago
Real basic report that you can expand upon, but it requires registry keys to be scanned. Add these examples to your Custom Registry Scanning list. Here I've just thrown together two keys to scan for.
- Rootkey: HKLM
- RegPath: System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
- RegVaule: Enabled
and
- Rootkey: HKLM
- RegPath: System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
- RegVaule: Enabled
Report
Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Inner Join tblRegistry On tblassets.AssetID = tblRegistry.AssetID
Where tblRegistry.Regkey Like '%TLS%' And tblassetcustom.State = 1
Depending on your needs Microsoft also lists these additional ones below. See the article https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hell... for more information.
For example, here are some valid registry paths with version-specific subkeys:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientHKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ServerHKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Enabled state, create a DWORD registry value named Enabled with an entry value of "1" under the corresponding version-specific subkey.
Good luck.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now