‎09-19-2024 09:02 AM
Hi,
As Microsoft requires all resources which interact with Azure services to be using TLS 1.2 or higher as of 31 October 2024 we were looking to create a Lansweeper report which can identify the TLS version used in our network. On our DC's we've already manualy disabled TLS 1.0. But is there a report available that lists which TLS version is used by all resources in the network?
Thanks in advance for your reply.
‎09-19-2024 07:42 PM
Real basic report that you can expand upon, but it requires registry keys to be scanned. Add these examples to your Custom Registry Scanning list. Here I've just thrown together two keys to scan for.
and
Report
Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Inner Join tblRegistry On tblassets.AssetID = tblRegistry.AssetID
Where tblRegistry.Regkey Like '%TLS%' And tblassetcustom.State = 1
Depending on your needs Microsoft also lists these additional ones below. See the article https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hell... for more information.
For example, here are some valid registry paths with version-specific subkeys:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Enabled
state, create a DWORD registry value named Enabled
with an entry value of "1" under the corresponding version-specific subkey.
Good luck.
‎09-20-2024 08:01 AM
Thanks for your reply, I will have a look at it and let you know what the outcome was.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now