
Check if TLS and SSL are Enabled

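# Check which TLS/SSL protocols are ENABLED on this server
#
# Read-only report of the Schannel protocol switches stored under
#   HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<protocol>\{Client,Server}
# Nothing is written to the registry.
#
# Scope and limits:
#   * Only these keys are read. The result is the configured state, not proof of
#     what a listener actually negotiates; confirm with a handshake test against
#     the service when the answer matters.
#   * A protocol with no registry override follows the Windows default for the
#     installed OS version, and that default differs between releases (legacy
#     protocols such as TLS 1.0/1.1 are on by default on many releases, and
#     TLS 1.3 is only available on recent ones). Such a protocol is therefore
#     reported as NOT CONFIGURED rather than as DISABLED.
Write-Host "ENABLED PROTOCOLS ON THIS SERVER:" -ForegroundColor Green
Write-Host "=================================" -ForegroundColor Green
Write-Host

$protocols = @("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3")
$enabledProtocols = @()

# Protocols counted as enabled when no override exists. Only TLS 1.2 is listed:
# modern Windows enables it by default. NOTE(review): confirm for any older host
# this is run on before relying on the "(OS default)" result.
$assumedOnWhenUnset = @("TLS 1.2")

<#
.SYNOPSIS
    Classifies one Schannel protocol role key (…\<protocol>\Client or …\Server).
.PARAMETER Path
    Registry provider path of the role key.
.OUTPUTS
    One of the strings "Enabled", "Disabled", "DisabledByDefault", "NotConfigured".
#>
function Get-SchannelRoleState {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return "NotConfigured" }

    # Returns $null when the key holds no values or cannot be read.
    $values = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $values) { return "NotConfigured" }

    $enabled = $values.Enabled
    $disabledByDefault = $values.DisabledByDefault

    # Only an explicit 0 switches the protocol off.
    if ($null -ne $enabled -and $enabled -eq 0) { return "Disabled" }

    # DisabledByDefault removes the protocol from the default set only.
    # NOTE(review): per Microsoft's Schannel registry documentation an application
    # that asks for the protocol explicitly may still negotiate it - confirm.
    if ($null -ne $disabledByDefault -and $disabledByDefault -ne 0) { return "DisabledByDefault" }

    # Key present but no Enabled value: the OS default still decides.
    if ($null -eq $enabled) { return "NotConfigured" }

    # Any nonzero value counts as enabled. Testing for exactly 1 would misreport
    # hosts where a hardening tool or older guidance wrote 0xFFFFFFFF.
    return "Enabled"
}

foreach ($protocol in $protocols) {
    $protocolKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol"

    $enabledRoles = @()   # roles where the protocol is on (explicitly or by assumed default)
    $notes = @()          # roles whose state is neither clearly on nor clearly off

    foreach ($role in @("Client", "Server")) {
        switch (Get-SchannelRoleState -Path "$protocolKey\$role") {
            "Enabled" {
                $enabledRoles += $role
            }
            "DisabledByDefault" {
                $notes += "${role}: disabled by default, may still be negotiated if an application requests it explicitly"
            }
            "NotConfigured" {
                if ($assumedOnWhenUnset -contains $protocol) {
                    $enabledRoles += "$role (OS default)"
                } else {
                    $notes += "${role}: no registry override, the Windows default for this OS version applies"
                }
            }
            # "Disabled" needs no note: an explicit Enabled = 0 is unambiguous.
        }
    }

    # Report status
    if ($enabledRoles.Count -gt 0) {
        Write-Host "$protocol is ENABLED ($($enabledRoles -join ', '))" -ForegroundColor Green
        $enabledProtocols += $protocol
    } elseif ($notes.Count -eq 0) {
        # Both roles carry an explicit Enabled = 0.
        Write-Host "$protocol is DISABLED" -ForegroundColor Red
    } else {
        # Do not claim DISABLED without an explicit switch: that would be a
        # false assurance on releases where the protocol is on by default.
        Write-Host "$protocol is NOT CONFIRMED DISABLED" -ForegroundColor Yellow
    }

    foreach ($note in $notes) {
        Write-Host "    $note" -ForegroundColor Yellow
    }
}

Write-Host

# Check if TLS 1.2 is available for RDP
# $enabledProtocols merges the Client and Server roles; inbound RDP on this host
# depends on the Server role, so read the per-role line above as well.
if ($enabledProtocols -contains "TLS 1.2") {
    Write-Host
    Write-Host "TLS 1.2 is ENABLED - Should work for RDP/RDS" -ForegroundColor Green
} else {
    Write-Host
    Write-Host "TLS 1.2 is NOT ENABLED - This may cause RDP/RDS connection issues" -ForegroundColor Red
    Write-Host "Run the TLS 1.2 enablement commands to fix this." -ForegroundColor Yellow
}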