I get an error when running this...

I was able to get it to run successfully by clicking at the start of Line 2 > pressing Backspace once > pressing Enter once > re-running script.

Tried same thing in Worklet Evaluation Code > Saved > Ran manually > Still failed.

Any ideas?

this code is missing a } before the else statement.

Remediation:
 

$ProtocolList       = @("SSL 2.0","SSL 3.0","TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3")
$ProtocolSubKeyList = @("Client", "Server")
$DisabledByDefault = "DisabledByDefault"
$Enabled = "Enabled"
$registryPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"

foreach($Protocol in $ProtocolList)
{
  Write-Host " In 1st For loop"
  foreach($key in $ProtocolSubKeyList)
  {
    $currentRegPath = $registryPath + $Protocol + "\" + $key
    Write-Host " Current Registry Path $currentRegPath"

    if(!(Test-Path $currentRegPath))
    {
      Write-Host "creating the registry"
      New-Item -Path $currentRegPath -Force | out-Null
    }
    if($Protocol -eq "TLS 1.2")
    {
      Write-Host "Working for TLS 1.2"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    }
    if($Protocol -eq "TLS 1.3")
    {
      Write-Host "Working for TLS 1.3"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    }
    else
    {
      Write-Host "Working for other protocol"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "1" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "0" -PropertyType DWORD -Force | Out-Null
    }
  }
}

Hi,

There’s a bug in the remediation code, it will actually deactivate TLS 1.2 instead of activating it because of a bad if/else logic!

Here’s my improved version:

$ProtocolList       = @("SSL 2.0","SSL 3.0","TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3")
$ProtocolSubKeyList = @("Client", "Server")
$DisabledByDefault = "DisabledByDefault"
$Enabled = "Enabled"
$registryPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"

Write-Host "Started..."
foreach($Protocol in $ProtocolList)
{
  foreach($key in $ProtocolSubKeyList)
  {
    $currentRegPath = $registryPath + $Protocol + "\" + $key
    Write-Host "Current Registry Path $currentRegPath"

    if(!(Test-Path $currentRegPath))
    {
      Write-Host "-- Adding registry entry"
      New-Item -Path $currentRegPath -Force | out-Null
    }

    if($Protocol -eq "TLS 1.2")
    {
      Write-Host "-- Activating registry entry"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    }
    elseif($Protocol -eq "TLS 1.3")
    {
      Write-Host "-- Activating registry entry"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    }
    else
    {
      Write-Host "-- Disabling registry entry"
      New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "1" -PropertyType DWORD -Force | Out-Null
      New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "0" -PropertyType DWORD -Force | Out-Null
    }
  }
}
Write-Host "Finished..."

Hope this helps!

C.