Solved

Worklet for verfiying version of TLS in enabled

  • 15 February 2023
  • 1 reply
  • 81 views

Badge

Hi we have a request to check the TLS version for a group of servers. I see there is an article, copied below, for enforcing registry settings but what about just checking? Could I leave the remediation code blank?

The key I want to check for is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled

 

https://help.automox.com/hc/en-us/articles/5352120268820-Enforce-Windows-Registry-Settings-Worklet

icon

Best answer by JohnG-Automox 16 February 2023, 16:03

View original

1 reply

Userlevel 3

Hi Walker,

 

You are on the right path with this!

 

Before we dig into some code, let’s review a few notes regarding Automox worklets:

  1. Automox evaluation code is ran every time a device scans. During the scan, the evaluation code will determine if a device is compliant or not based on the logic you specific.  An Exit 0 status with the Evaluation code deems the device is compliant and the worklet will not execute. 
  2. Any non-zero value (such as an Exit 1) will deem the device as non-compliant and then schedule the remediation code to run based on your Worklet’s schedule.
  3. Evaluation code output is not logged within Automox. Only the results of the Remediation Code run will be logged.

More on Worklet evaluation code can be read here: https://help.automox.com/hc/en-us/articles/5352100773396-How-to-Use-Worklets

 

With all that being said, if you pass an Exit 1 in the Evaluation code, it will always trigger a Remediation code run.

 

You can use this method to write a simple worklet that checks the registry key values and appends the results to the activity log.


Below is a quick example:

 

Evaluation Code:

Exit 1

Remediation Code:

#Define the path to the registry key
$RegPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\"

#If the registry key is found, the contents of the hive will append to the Automox Activity Log.
if (Get-ItemProperty -Path $RegPath)
{
Write-Output "The registry key was found. The values are as follows:"
Write-Output (Get-ItemProperty -Path $RegPath)
Exit 0
}

#If the key is not found, the script will append a null return to the Activity Log and exit.
else
{
Write-Output "The registry key was not found."
Exit 0
}

 

The results of the worklet run will show in your Automox Activity Log for further analysis:

 

 

If you are looking for a more advanced worklet that enforces specific TLS values, I recommend checking out @TJ_Coppola’s Community worklet here: 

 

 

I hope this helps! Have a great day!

Reply