This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
I want to start off that I am very new to group policy so I am almost positive that I am the issue. My main goal is to enable and disable specific network protocols, ciphers, hashes, and key exchanges. I am following the settings from here https://admx.help/?Category=Schannel&Policy=Microsoft.Policies.SSLControl . I have already gone through all of the values in this website and set them in seperate gpos, one for each catagory (protocols, ciphers, hashes, and key exchanges) and have one for disabling and one for enabling on each. It says to set the value to 4294967295 to enable and 0 to disable but I have been trying 4294967295 for decimal and FFFFFFFF for hex. I went into gpo under computer configuration -> Windows Settings -> Registry. I have the action to update, hive set to hklm, value as Enabled, value type REG_DWORD, and Value data to what I said earlier. I have tried both hex and decimal but it does not seem to actually apply to the registry on the machine. I some times see "The Group Policy settings for the computer were processed successfully. New settings from 3 Group Policy objects were detected and applied." and others "The computer 'Enabled' preference item in the 'Disable Insecure Ciphers {4E0A3880-B476-4546-A406-A06342356A5F}' Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.". My question is what am I doing wrong here? I think I forgot to mention for the disable policies I am just setting 0. Any help would be amazing. I am also using iis crypto to check the settings.
Subreddit
Post Details
- Posted
- 3 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/activedirec...