Windows – SSL Cipher Suite GPO

group-policysslwindows-registrywindows-server-2012-r2

Thanks in advance for reading. I'm using Win Server 2012 R2 to dish out group policies.

I've created a GPO to define the SSL Cipher Suite Order under Policies > Admin Templates > Network > SSL Confugration Settings and have set it to "Enabled".

I'm using a list of strong cipher suites from Steve Gibsons website found here.

I've put them all on 1 long line as it states to do.

I've also manipulated a default registry value located at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002

These are the same values I'm using from Gibsons site – on separate lines with no commas

My registry values change but I cannot get the SSL Configuration settings to display "Enabled"

Does anyone have insight on how to correct this issue?

Best Answer

Are you setting both the policy value AND the registry?

My understanding from here is that you can't do both:

The Microsoft SCHANNEL team does not support directly manipulating the Group Policy and Default Cipher suite locations in the registry.

Related Solutions

Windows 10 – Disabling Thumbs.db Using gpedit.msc Still Appears on Desktop

Found this on answers.microsoft.com

The thumbs.db file is used to store the thumbnails of images and videos. Anytime thumbnails view is enabled or has been enabled in Microsoft Windows the hidden file thumbs.db is automatically created in the same directory as where the thumbnails have been viewed. This file contains the information required by Windows to display the thumbnails for each of the icons and will be placed in every folder thumbnails are viewed.

This file can be safely deleted from any directory, however, it will be automatically recreated if thumbnails view is still enabled and you view that directory again. You can hide it by hiding system files but you cannot get rid of it permanently.

I suggest you that create a .reg file(If you are facing the issue with all the folders only) and do a double click on it by copy pasting these commands in a notepad. This should disable thumbnail caching.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoThumbnailCache"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
"DisableThumbsDBOnNetworkFolders"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoThumbnailCache"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DisableThumbnailCache"=dword:00000001
"NoThumbnailCache"=dword:00000001

Registry disclaimer

To do so: Important this section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: How to back up and restore the registry in Windows

Best Answer

Related Solutions

Windows 10 – Disabling Thumbs.db Using gpedit.msc Still Appears on Desktop

Related Question