I know this thread is quite old, but I thought I'd update it with my work, so those out there that want to implement this, can. It utilizes the latest registry entries for the security protocols within Internet Explorer 6.0 and later. It's been cleaned up a bit and has been written to be utilized under a certain directory once added as an admin template. To get to this policy setting within the group policy you've added it to, go to "User Configuration" > "Administrative Templates" > "Windows Components" > "Internet Explorer" > "Internet Control Panel" > "Advanced Page". The policy setting's labelled as "Setup Internet Explorer Security Protocols" and includes a drop down list to work with. I have this policy setting defaulted to SSL v3.0 and TLS v1.0, once it's enabled. You'll have to
un-check "Only show policy settings that can be fully managed." before viewing this policy setting. To
un-check the afore-mentioned option, just go to the console's menu at the top, then go to "View" > "Filtering...". You should see this option at the very bottom checked. Just
un-check it,
click "OK" then navigate where you need to be, to change this policy setting. Have fun!
;----------------------------------------
; Administrative Template
; Adding and enabling this template will allow you to change
; the registry value for IE Security Protocols found in the
; Tools > Internet Options > Advanced > Security window.
;
; This template has been modified from the original post online.
; Its been updated with the correct decimal values to ensure the
; proper settings are enabled when applied.
; All decimal values were tested manually to ensure accuracy.
; The option to enable PCT v1.0 has been removed to support at least IE v6.0,
; if anyone actually uses this browser version anymore.
; Original post found on forum at
https://www.pcreview.co.uk/forums/enable-tls-through-registry-t2203443.html
CLASS USER
CATEGORY !!catname1
CATEGORY !!catname2
CATEGORY !!catname3
CATEGORY !!catname4
POLICY !!policyname
#if version >= 4
SUPPORTED !!supported_ie6
EXPLAIN !!explaintext
#endif
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PART !!labeltext DROPDOWNLIST
VALUENAME "SecureProtocols"
ITEMLIST
NAME !!enableAll VALUE NUMERIC 168
NAME !!enableSSL2 VALUE NUMERIC 8
NAME !!enableSSL3 VALUE NUMERIC 32
NAME !!enableTLS VALUE NUMERIC 128
NAME !!enableSSL2n3 VALUE NUMERIC 40
NAME !!enableSSL2nTLS VALUE NUMERIC 136
NAME !!enableSSL3nTLS VALUE NUMERIC 160 DEFAULT
NAME !!disableAll VALUE NUMERIC 0
END ITEMLIST
REQUIRED
END PART
END POLICY
END CATEGORY
END CATEGORY
END CATEGORY
END CATEGORY
[strings]
catname1 = "Windows Components"
catname2 = "Internet Explorer"
catname3 = "Internet Control Panel"
catname4 = "Advanced Page"
policyname = "Setup Internet Explorer Security Protocols"
supported_ie6 = "At least Internet Explorer 6"
explaintext = "This policy sets up Internet Explorer Security Protocols: SSL v2.0, SSL v3.0 & TLS v1.0. These settings can be applied to machines running Internet Explorer v6.0 or later."
labeltext = "Set IE Security Protocols"
enableAll = "Enable All"
enableSSL2 = "Enable SSL v2.0"
enableSSL3 = "Enable SSL v3.0"
enableTLS = "Enable TLS v1.0"
enableSSL2n3 = "Enable SSL v2.0 & 3.0"
enableSSL2nTLS = "Enable SSL v2.0 & TLS v1.0"
enableSSL3nTLS = "Enable SSL v3.0 & TLS v1.0"
disableAll = "Disable All (not recommended)"
; END TEMPLATE
;---------------------------------------
