berket2020 asked IanXue-MSFT edited

Determine TLS Registry Entries

Hello

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761

As per this article, is it possible to create a PowerShell script that will check the registry settings and report back?

windows-server-powershell office-exchange-server-mailflow

Hi @berket2020,

As per the description, your query is more related to PowerShell scripting, so I'll add the tag "windows-server-powershell" to this thread. Thanks for your understanding.


RichMatheisen-8856 answered

You can use the Get-ItemProperty cmdlet to get the values of the keys that contain the information. I'm not sure what you mean by "check the values", though. It's certainly possible to use the values you retrieve in conditional statements. As for "reporting", sure; you can use PowerShell to tell you what the values are, or the results of whatever conditional statements you write.

The link you cited seems to provide you with keys in the registry you'd be interested in.

IanXue-MSFT answered IanXue-MSFT edited

Hi,

You can get the value name and data of specified registry entries using the Get-ItemPropertyValue cmdlet.
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-itemproperty

To get the registry values from the link you provided you can try this.

 #Schannel
 $schannel_client = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
 $schannel_server = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
 Get-ItemProperty -Path $schannel_client -Name "DisabledByDefault"
 Get-ItemProperty -Path $schannel_client -Name "Enabled"
 Get-ItemProperty -Path $schannel_server -Name "DisabledByDefault"
 Get-ItemProperty -Path $schannel_server -Name "Enabled"
    
 #.NET 3.5
 $dotnet35_64 = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"
 $dotnet35_32 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727"
 Get-ItemProperty -Path $dotnet35_64 -Name "SystemDefaultTlsVersions"
 Get-ItemProperty -Path $dotnet35_32 -Name "SystemDefaultTlsVersions"
    
 #.NET 4.x
 $dotnet4x_64 = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
 $dotnet4x_32 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319"
 Get-ItemProperty -Path $dotnet4x_64 -Name "SystemDefaultTlsVersions"
 Get-ItemProperty -Path $dotnet4x_32 -Name "SystemDefaultTlsVersions"

Best Regards,
Ian Xue
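A report script built on the answers above, as an added example that is not part of the original thread: it reads the same eight values, tolerates missing keys or values, and compares each against expected data. The expected data (DisabledByDefault = 0, Enabled = 1, SystemDefaultTlsVersions = 1) is assumed from the linked guidance for enabling TLS 1.2, and the function name Test-TlsRegistryValue is hypothetical; adjust both to your own policy.

```powershell
# Added example, not code from the thread. Expected values are assumptions
# taken from the linked Exchange TLS guidance for enabling TLS 1.2.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'

# Build the list of checks: same keys and value names as in the answer above.
$checks = @(
    foreach ($role in 'Client', 'Server') {
        @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Expected = 0 }
        @{ Path = "$schannel\$role"; Name = 'Enabled';           Expected = 1 }
    }
    foreach ($root in $dotnet) {
        foreach ($version in 'v2.0.50727', 'v4.0.30319') {
            @{ Path = "$root\$version"; Name = 'SystemDefaultTlsVersions'; Expected = 1 }
        }
    }
)

# Hypothetical helper: reads one value and classifies it as OK, Mismatch or Missing.
function Test-TlsRegistryValue {
    param([string]$Path, [string]$Name, [int]$Expected)

    # With SilentlyContinue a missing key or value yields no output instead of an error.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$Name } else { $null }
    $status = if ($null -eq $actual) { 'Missing' } elseif ($actual -eq $Expected) { 'OK' } else { 'Mismatch' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Status   = $status
        Name     = $Name
        Expected = $Expected
        Actual   = $actual
        Path     = $Path
    }
}

# Run every check and print the report, followed by a one-line summary.
$report = foreach ($check in $checks) { Test-TlsRegistryValue @check }
$report | Format-Table Status, Name, Expected, Actual, Path -AutoSize

$deviations = @($report | Where-Object { $_.Status -ne 'OK' })
'{0} of {1} values are missing or differ from the expected data on {2}' -f `
    $deviations.Count, $report.Count, $env:COMPUTERNAME
```

A "Missing" status means the key or value does not exist, in which case the operating system or .NET default applies, so it needs a separate decision rather than being treated the same as a mismatch.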