Hi, we have a request to check the TLS version for a group of servers. I see there is an article, copied below, for enforcing registry settings, but what about just checking? Could I leave the remediation code blank?
The key I want to check for is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled
Best answer by JohnG-Automox
You are on the right path with this!
Before we dig into some code, let’s review a few notes regarding Automox worklets:
An Exit 0 status with the Evaluation code deems the device compliant, and the worklet will not execute.
Exit 1 will deem the device as non-compliant and then schedule the remediation code to run based on your Worklet's schedule.
With all that being said, if you pass an Exit 1 in the Evaluation code, it will always trigger a Remediation code run.
You can use this method to write a simple worklet that checks the registry key values and appends the results to the activity log.
Below is a quick example:
The results of the worklet run will show in your Automox Activity Log for further analysis:
If you are looking for a more advanced worklet that enforces specific TLS values, I recommend checking out
@TJ_Coppola’s Community worklet here:
I hope this helps! Have a great day!
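A check-only worklet along the lines described in the answer above, written here as an added example; it is not JohnG's original code or an Automox-supplied script. The function name `Get-TlsClientState` and the output wording are assumptions; the registry path is the one from the question.

```powershell
# Evaluation code pane: a single line, so the remediation code always runs.
#   Exit 1

# Remediation code pane: read-only check, nothing on the device is changed.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$name = 'Enabled'

function Get-TlsClientState {
    # Hypothetical helper: returns a short description of the value's state.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )

    # A missing key is not the same as "disabled": with no explicit setting,
    # Schannel uses the default for that Windows version.
    if (-not (Test-Path -LiteralPath $Path)) {
        return 'NotConfigured (key missing, OS default applies)'
    }

    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$Name) {
        return 'NotConfigured (value missing, OS default applies)'
    }

    # 0 disables the protocol; any non-zero value enables it.
    $raw = $item.$Name
    if ($raw -eq 0) {
        return 'Disabled (raw value 0)'
    }
    return "Enabled (raw value $raw)"
}

$state = Get-TlsClientState -Path $path -Name $name

# Whatever the remediation code writes to output is what ends up in the
# Activity Log entry for this worklet run.
Write-Output "$env:COMPUTERNAME - TLS 1.2 Client '$name': $state"

Exit 0
```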