Hey friends! After I posted my last blog article, I figured folks may want a quick way to change TLS to 1.2 for all Windows servers they're running (especially if you're running them on-premises). I made the mistake thinking TLS 1.2 was simply turned on for all newer OSes. It pains me to admit when I am wrong with my assumptions, but confession is good for the soul!

By now, you know one of my go-tos is PowerShell. There's a way to loop through all Windows servers and change the TLS settings to 1.2 for each server that's joined to an Active Directory domain.

Take a look at this script: click me. If you have a REALLY large environment, this script may not work for you or maybe you want to export the results to CSV. PowerShell allows for all sorts of flexible ways with extracting data from your environment and all you'd need to tweak is a few things for the output you want. For me, it's simply ensuring TLS 1.2 is enabled for all Windows machines within my home environment (and I don't have a large Windows environment).

For the visual folks, here's what the script looks like (click on the picture for an expanded view):

And the output becomes really helpful as well (this output can be exported into a CSV file for reporting or tracking purposes):

Rather than fix this as time moves forward and certain software upgrades require better security configurations, I wanted to script something out ahead of time that would take care of TLS 1.2 for all Windows servers within my environment. Hopefully this post helps you craft out an automated approach to enable better security within your Windows environments. Cheers!