Windows 10 Archives - Page 27 of 51

6 Best Ways to Disable Cortana in Windows 11

This article explains how you can disable Cortana in Windows 11 using different methods. You can disable the Cortana in Windows 11 or even uninstall it if you don’t use it.

Cortana in a cloud-based assistant by Microsoft that assists users with voice commands. Cortana in Windows has a chat-based UI that gives you the ability to interact using typed or spoken natural language queries.

In the latest update to Cortana in Windows, you can search for documents and compose quick emails. You can also invoke the app using the wake word “Cortana.” Cortana can also launch Alexa app on Windows 10 (if it’s already installed).

Note that you must sign in with your Microsoft account to use Cortana app. To learn about Cortana in detail, refer to the Microsoft documentation on Cortana.

Table of Contents

What can you do with Cortana in Windows 11?

Here are some of the things you can do with Cortana in Windows 11:

Calendar and Schedule Assistance – Check your calendar, know the meeting schedule etc.
Meeting Help – Join Teams meetings, find what’s the next meeting is and with whom, book a meeting with your colleague in the organization etc.
Find out about people in your organization – Cortana can help you learn about people in your organization
Make lists and set reminders and alarms – You can ask Cortana to create a new list or add something to a list you already have
Launch Apps – With voice commands, the Cortana can launch the apps installed on your Windows. For example, you can launch Word app, Calculator etc.
Get definitions and quick answers
Get weather and news updates – You can get the weather information and new updates using Cortana. This is very similar to news and interests widget that offers a quick overview of key headlines and weather information relevant to you.

Why Disable Cortana in Windows 11?

If Cortana is so useful, then why disable it? The answer is not all the Windows users like Cortana because it’s not accurate all the time and the app consumes a lot of system resources.

In addition, most users can simply work without using Cortana in daily routine. If you open Microsoft Store and read the Cortana app reviews, the users have expressed concerns about this app. The Cortana app in Microsoft Store has an overall rating of 1.8/5 which doesn’t seem good.

Plus Cortana collects your personal information, search history, email information and stores it on cloud which for some users is not ok.

In Windows 11, Cortana is still present, but it’s no longer part of the first boot experience. However, in Windows 11, you can turn off Cortana if you don’t like it or even uninstall it completely.

There are multiple ways to disable Cortana in Windows 11. This article covers different methods to temporarily or permanently disable Cortana as well as fully uninstall Cortana from Windows 11.

To summarize, we will use the following methods to disable the Cortana in Windows 11:

Using Windows 11 Settings
Using Task Manager in Windows 11
Disable Cortana using Group Policy
Use PowerShell commands to disable Cortana
Intune or Microsoft Endpoint Manager
Configuration Manager

Method 1 – Turn off Cortana from Windows 11 Settings

You can turn off the Cortana from Windows 11 settings with following steps. Click Start and launch the Windows 11 Settings app. You can use the shortcut command Win+I to directly launch the settings app.

From the list of settings, select Apps and then select Apps & Features.

Turn off Cortana from Windows 11 Settings

On the Apps & Features window, you should find all the apps installed on Windows 11. From the App list, search for Cortana app. Once the Cortana app appears in the listing, click on the vertical dots and select Advanced Options.

The advanced options for Cortana displays additional settings to manage the app. Under Runs at log-in, turn off the Cortana. By moving the slider to off, you disable Cortana in Windows 11.

Note that the above step temporarily disables the Cortana app in Windows 11. The user can manually turn on the Cortana app whenever required.

Method 2 – Disable Cortana using Task Manager on Windows 11

In Windows 11, you can quickly disable Cortana using the task manager:

On Windows 11, use the shortcut keys Ctrl+Shift+Esc to launch the task manager.
When the task manager opens, click the Startup tab.
From the list of start up apps, click the Cortana app and select Disable button.
You may also right-click Cortana and choose the Disable option.

Disable Cortana using Task Manager on Windows 11

Method 3 – Disable the Cortana from Registry Editor

You can permanently disable Cortana in Windows 11 by editing the registry. Before you modify the registry, either create a system restore point or backup the entire registry.

Launch the Registry editor on Windows 11 by running the command regedit. Once the registry editor opens, go to the following registry path.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

If you don’t find the Windows Search key, you must create a new key. Let’s start by creating a new key under Windows and name it as Windows Search.

Right click Windows Search key and select New > DWORD (32-bit) Value.

Disable the Cortana from Registry Editor — Disable Cortana in Windows 11 from Registry Editor

Enter the value name as AllowCortana and the value data is 0. By setting the AllowCortana value to 0, you disable Cortana in Windows 11. Click OK to save the changes.

Disable Cortana from Registry Editor — Disable Cortana in Windows 11 from Registry Editor

After making the above changes to registry, restart Windows 11 PC. Log in to Windows 11 PC and launch the Cortana app. You should see the following message “Cortana is disabled. To use Cortana you need to get permission from your administrator“. This confirms the Cortana app is disabled on Windows 11.

Method 4 – Disable Cortana using Group Policy (GPO)

You can disable Cortana permanently in Windows 11 using Group Policy. The Group Policy method is useful when you want to disable the Cortana access on domain joined Windows 11 PCs.

When you want to disable Cortana on multiple Windows 11 computers that are joined to an Active Directory domain, the group policy is the best option.

Before you create a GPO to disable Cortana, have few devices for testing purpose. It is not recommended deploying a GPO directly to production servers and workstations.

Let’s create a new GPO to disable Cortana in Windows 11. Log in to a domain controller or a member server installed with GPMC. Launch the Group Policy Management Tools from Server Manager > Tools.

Once the Group Policy Management console is launched, expand the domain and right-click Group Policy Objects and select New.

Note: We are going to create a new GPO which should then be linked to an OU later.

Disable Cortana in Windows 11 using Group Policy

Specify the GPO name as Disable Cortana or something similar and click OK.

In the Group Policy Management editor, navigate to following settings Computer Configuration > Administrative Templates > Windows Components > Search.

From the list of policy settings, right-click the setting named “Allow Cortana” and select Edit. The Allow Cortana policy settings include:

This policy setting specifies whether Cortana is allowed on the device.
If you enable or don’t configure this setting, Cortana will be allowed on the device. If you disable this setting, Cortana will be turned off.
When Cortana is off, users will still be able to use search to find things on the device.

Set Allow Cortana to Disabled. With the selected setting, you disable the Cortana on Windows 11. Click Apply and OK.

After following the above steps, in the GPMC console, right-click the OU that you want to target the GPO and select Link an existing GPO and select the Disable Cortana GPO.

Once you have linked the GPO to a OU or to an entire domain, the computers will download the policy based on the Group Policy refresh interval. The Group Policy refresh interval for computers policy lets you specify how much the actual update interval varies.

Read: How to modify the Group Policy Refresh Interval

After the Disable Cortana GPO is successfully applied to the domain computers, the access to Cortana app will be disabled for Windows 11.

Method 5 – Uninstall Cortana in Windows 11 using PowerShell

If you have decided to uninstall Cortana from Windows 11, you can do it using PowerShell:

On Windows 11 PC, launch the PowerShell as administrator.
Paste the following command in the PowerShell window and press Enter key.
Get-AppxPackage -AllUsers Microsoft.549981C3F5F10 | Remove-AppPackage.
The above PowerShell cmd uninstalls the Cortana from Windows 11 for all users.

Uninstall Cortana in Windows 11 using PowerShell

Note: You don’t have to reboot the computer after uninstalling Cortana.

Method 6 – Disable Cortana using Intune (MEM)

Using Intune, you can easily disable Cortana on Windows 11 managed PCs using Configuration Profiles. The Intune Catalog settings lets you define the settings to disable the Cortana access on Windows 10 and Windows 11 devices.

Let’s see how to disable Cortana using Intune. First sign-in to the Intune Portal (Microsoft Endpoint Manager admin center). Go to Devices > Windows > Configuration Profiles. Select Create Profile.

Disable Cortana using Intune – Create Configuration Profile

When you create a profile in Intune, you specify the Platform and Profile Type. In this example, select the Platform as Windows 10 and later and Profile Type as Settings Catalog. Click Create.

Disable Cortana using Intune – Create Configuration Profile

On Create Profile Basics tab in Intune portal, enter the name of the profile to “Disable Cortana Access” or “Turn off Cortana“. Enter a brief description about the profile and click Next.

Create Profile – Name

On the Configuration Settings tab, we will use settings catalog in Intune to define the settings to turn off Cortana. Select +Add Settings.

Create Profile – Configuration Settings

The Settings picker window gives you an option to search for the correct keywords or terms related to settings. Enter the search term as “Cortana” and click Search button.

From the list of search results, click the Experience category and now select the Setting name – Allow Cortana.

Settings Picker - Cortana Experience — Settings Picker – Cortana Experience

Allow Cortana – Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device.

By default, the Allow Cortana setting is set to “Allow“. To disable the Cortana on Windows 10 and Windows 11 devices, set the Allow Cortana setting to “Block“. By setting the Allow Cortana to Block, you disable the Cortana on endpoints.

Click Next to continue.

On the Assignments tab, click Add Groups to include the group of devices on which you want to disable Cortana. Click Next to continue.

Turn Off Cortana Access - Assignments — Turn Off Cortana Access – Assignments

Scope tags are optional, but you may define them if required. I am going to skip and click Next.

Turn Off Cortana Access - Scope Tags — Turn Off Cortana Access – Scope Tags

On the Review + Create tab, take a final look at the settings that you defined so far. If it’s all good, click Create.

Turn Off Cortana Access - Review and Create — Turn Off Cortana Access – Review and Create

After you create the policy, a notification will appear automatically in the top right-hand corner with a message. Policy Created – “Disable Configure Access” created successfully. The policy is also shown in the Configuration profiles list along with other profiles.

After you deploy the policy, the assigned groups will receive the profile settings once the devices check-in with the Intune service.

To monitor the Intune policy assignment, from the list of Configuration Profiles, select the policy and here you can check the device and user check in status. If you click View Report, additional details are displayed.

Once the devices receive the policy settings from Intune, log in to one of the devices and launch Cortana. Now you should see Cortana is disabled message. This confirms that you can disable the Cortana access using Intune on your Windows devices.

How To Reinstall Cortana App in Windows 11

If you have uninstalled Cortana app from Windows 11 using any of the above methods and want to reinstall it, the process is simple.

To reinstall the Cortana app, launch the Microsoft Store app in Windows 11. Search for Cortana app in Microsoft Store and click Get. The latest Cortana app will be downloaded and installed on the Windows 11 PC.

How To Reinstall Cortana App in Windows 11

Conclusion

Disabling the Cortana from Windows 11 is optional. If you are not going to use Cortana app, you can easily disable it with any of the methods covered in this post.

Source :
https://www.prajwaldesai.com/best-ways-to-disable-cortana-in-windows-11/

How to Disable Cortana in Windows 10

Microsoft doesn’t want you to disable Cortana. You used to be able to turn off Cortana in Windows 10, but Microsoft removed that easy toggle switch in the Anniversary Update. But you can still disable Cortana via a registry hack or group policy setting. This transforms the Cortana box into a “Search Windows” tool for local application and file searches.

Cortana has become increasingly restrictive since Windows 10’s release. It was previously updated to ignore your default web browser. Cortana now always launches the Microsoft Edge browser and only uses Bing when you search. If that sounds like something you wouldn’t want to use, here’s how to turn it off.

Home Users: Disable Cortana via the Registry

If you have Windows 10 Home, you’ll have to edit the Windows Registry to make these changes. You can also do it this way if you have Windows 10 Professional or Enterprise, but just feel more comfortable working in the Registry as opposed to Group Policy Editor. (If you have Pro or Enterprise, though, we recommend using the easier Group Policy Editor, as described in the next section.

Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.

You should also make a System Restore point before continuing. Windows will probably do this automatically when you install the Anniversary Update, but it couldn’t hurt to make one manually–that way, if something goes wrong, you can always roll back.

Then, open the Registry Editor by pressing Windows+R on your keyboard, typing “regedit” into the box, and pressing Enter.

Navigate to the following key in the left sidebar:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

If you don’t see a “Windows Search” key (folder) below the Windows folder, right-click the Windows folder and select New > Key. Name it “Windows Search”.

Right-click the “Windows Search” key (folder) in the left pane and select New > DWORD (32-bit) Value.

Name the value “AllowCortana”. Double-click it and set the value to “0”.

You can now close the registry editor. You’ll have to sign out and sign back in or restart your computer before the change takes effect.

To undo your change and restore Cortana in the future, you can just return here, locate the “AllowCortana” value, and delete it or set it to “1”.

Download Our One-Click Registry Hack

Rather than editing the registry yourself, you can download our Disable Cortana registry hack. Just open the downloaded .zip file, double-click the “Disable Cortana.reg” file, and agree to add the information to your registry. We’ve also included an “Enable Cortana.reg” file if you’d like to undo the change and re-enable Cortana later.

You’ll have to sign out and sign back in–or restart your computer–before the change will take effect.

These .reg files just change the same registry settings we outlined above. If you’d like to see what this or any other .reg file will do before you run it, you can right-click the file .reg and select “Edit” to open it in Notepad. You can easily make your own Registry hacks.

Pro and Enterprise Users: Disable Cortana via Group Policy

If you’re using Windows 10 Professional or Enterprise, the easiest way to disable Cortana is by using the Local Group Policy Editor. It’s a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what it can do. Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.

First, launch the group policy editor by pressing Windows + R, typing “gpedit.msc” into the box, and pressing Enter.

Navigate to Computer Configuration > Administrative Templates > Windows Components > Search.

Locate the “Allow Cortana” setting in the right pane and double-click it.

Set the Allow Cortana option to “Disabled” and then click “OK”.

You can now close the group policy editor. You’ll have to sign out and sign back in–or restart your PC–for this change to take effect.

To re-enable Cortana, return here, double-click the “Enable Cortana” setting, and change it to “Not Configured” or “Enabled”.

Source :
https://www.howtogeek.com/265027/how-to-disable-cortana-in-windows-10/

Allow RDP Access to Domain Controller for Non-admin Users

By default, only members of the Domain Admins group have the remote RDP access to the Active Directory domain controllers‘ desktop. In this article we’ll show how to grant RDP access to domain controllers for non-admin user accounts without granting administrative privileges.

Many of you can quite reasonably ask: why would ordinary domain users should have access to the DC desktop? Indeed, in small or middle size infrastructures, when several administrators with the privileges of domain admins maintain them, you’ll hardly need this. In most cases, delegating some administrative permissions in Active Directory or using PowerShell Just Enough Administration (JEA) is sufficient.

However, in large corporate networks maintained by many administrators, it may become necessary to grant RDP access to the DC (usually to branch office DC’s or RODC) for different server admin groups, monitoring team, on-duty administrators, or other technical staffs. Also, from time to time some of the third-party services, not managed by the domain administrators, are deployed on the DC, and there’s a need to maintain these services.

Contents:

Tip. Microsoft doesn’t recommend to install the Active Directory Domain Services and Remote Desktop Service role (terminal server) on a single server. If there is only one physical server, on which you want to deploy both DC and RDS, you’d better use virtualization, since Microsoft virtualization licensing policy allows you to run two virtual servers under the same Windows Server Standard license.

To Sign in Remotely, You Need the Rights to Sign in through Remote Desktop Services

After the server has been promoted to the domain controller, you cannot manage local users and groups from the Computer Management mmc snap-in. When you try to open Local Users and Groups (lusrmgr.msc) console, the following error appears:

The computer xxx is a domain controller. This snip-in cannot be used on a domain controller. Domain accounts are managed with the Active Directory Users and Computers snap-in.

The computer xxx is a domain controller. This snip-in cannot be used on a domain controller. Domain accounts are managed with the Active Directory Users and Computers snap-in.

As you can see, there are no local groups on the domain controller. Instead of the local group Remote Desktop Users, the DC uses the built-in domain group Remote Desktop Users (located in the Builtin container). You can manage this group from the ADUC console or from the command prompt on the DC.

Display the members of the domain group Remote Desktop Users on the domain controller using the command:

net localgroup "Remote Desktop Users"

As you can see, it is empty. Add a domain user it-pro to it (in our example, it-pro is a regular domain user without administrative privileges):

net localgroup "Remote Desktop Users" /add corp\it-pro

Make sure that the user is added to this group:

net localgroup "Remote Desktop Users"

You can also verify that the user is now a member of the Remote Desktop Users domain group using the ADUC (dsa.msc) snap-in.

domain builtin group Remote Desktop Users

However, even after that, a user still cannot connect to the DC via Remote Desktop with the error:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.

Group Policy: Allow Log on through Remote Desktop Services

To allow a domain user or group a remote RDP connection to Windows, you must grant it the SeRemoteInteractiveLogonRight privileges. By default, only members of the Administrators group have this right. You can grant this permission using the Allow log on through Remote Desktop Services policy.

In Windows 2003 and older this policy is called Allow log on through terminal services.

To allow remote connection to the domain controllers for members of the Remote Desktop Users group you need to change the settings of this policy on your domain controller:

Launch the Local Group Policy Editor (gpedit.msc);
Go to the GPO section Computer Configuration -> Windows settings -> Security Settings -> Local policies -> User Rights Assignment;
Find the policy Allow log on through Remote Desktop Services;After the server is promoted to the DC, only the Administrators group (these are Domain Admins) remains in this local policy.
Edit the policy, add the domain group Remote Desktop Users (like this: domainname\Remote Desktop Users), or directly the domain user, or a group (domain\CA_Server_Admins) to it;
Update the Local Group Policy settings on the DC using the command: gpupdate /force

Note that the group that you added to the Allow log on through Remote Desktop Services policy should not be present in the “Deny log on through Remote Desktop Services” policy , because it has a higher priority (check the article Restricting Network Access under local accounts). In addition, if you are restricting the list of computers on which users can log on, you need to add the DC name to the properties of the AD account (LogonWorkstations user attribute).

Note. To allow a user to log on to the DC locally (via the server console), you must add the account or group to the policy “Allow log on locally”. By default, this permission is allowed for the following domain groups:

Backup Operators
Administrators
Print Operators
Server Operators
Account Operators

It is better to create a new security group in the domain, for example, AllowLogonDC and add user accounts to it that need remote access to the DC. If you want to allow access to all AD domain controllers at once, instead of editing of the Local Policy on each DC, it’s better to add a the user group to the Default Domain Controllers Policy using the GPMC.msc console (change the policy settings in the same section: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Allow log on through Remote Desktop Services).

Warning. If you change the Default Domain Controllers Policy, don’t forget to add the domain/enterprise administrator groups to the policy Allow log on through Remote Desktop Services, otherwise they will lose remote access to the DCs.

default domain controller policy: allow logon over rdp

Now the users (groups) you added to the policy will be able to connect to the AD domain controllers via RDP.

If you need to grant non-administrator users the permissions to start/stop certain services on a DC, use the following guide.

The Requested RDP Session Access is Denied

In some cases, when connecting via RDP to a domain controller, an error may appear:

The requested session access is denied.

the requested rdp session access is denied

If you are connecting to the DC under a non-admin user account, this could be due to two problems:

You are trying to connect to the server console (using the mstsc /admin mode). This connection mode is only allowed for administrators. Try to connect to the server using mstsc.exe client in normal RDP mode (without /admin option);
The server may already have two active RDP sessions (by default, you can’t use more than two simultaneously RDP sessions on Windows Server without RDS role). You cannot log off other users without administrator permissions. You need to wait for the administrators to release one of the sessions.

Source :
http://woshub.com/allow-non-administrators-rdp-access-to-domain-controller/

How to setup SMTP Relay in Office 365

If you plan to keep your existing on-prem exchange server then it can be used / utilized as a SMTP Relay server. Else, if you plan to decommission the exchange server for good, you can utilize Office365 as a SMTP Relay server to relay the emails.

There are three ways to setup SMTP Relay in Office 365:

SMTP Auth client Submission
Direct Send
Office 365 SMTP Relay

I recommend using either Office 365 SMTP Relay method or Direct Send method to configure SMTP Relay in Office 365. Please refer to the section Direct Send vs Office 365 SMTP Relay which will help you decide which one to use for your organization.

Below are some suggestions which can help you choose between Office 365 SMTP Relay and Direct Send method.

📌 Direct Send Method does not work if you want to send the email to External recipients for example any Gmail, Yahoo, Hotmail email address. Direct End method can send an email to External recipients if the External Organization is also using Office 365 to host the mailboxes.

📌If your requirement is to send emails to Internal and any External domain recipients then choose Office 365 SMTP Relay Method.

1. SMTP Auth client Submission Method

Below are the Pre-requisites for using SMTP Auth client submission method to configure SMTP relay in Office365:

A Licensed Office365 User Mailbox is required.
SMTP AUTH must be enabled for Mailbox which will be used to send the emails.
Device must support TLS 1.2 or above (Please check the vendor documentation to confirm this).

If your authentication policy disables basic authentication for SMTP, clients cannot use the SMTP AUTH protocol. Microsoft will disable Basic authentication for all new and existing tenants starting from 1st Oct 2022. Therefore, this is my least recommended option for configuration of SMTP relay in Office 365.

Direct Send vs Office 365 SMTP Relay

Direct Send method and Office 365 SMTP Relay method both use MX Endpoint of your domain to configure SMTP Relay. Both can be used when your environment has SMTP AUTH disabled.

Use Direct Send when you need to send messages to recipients in your own organization who have mailboxes in Office 365. Direct send will not work if you want to send email to External email address (Gmail, yahoo, hotmail etc.). However, If the external recipient mailboxes are also hosted on Office 365, it will work fine.

Direct Send does not require your device or application to have a static IP address to configure it. However, Static IP address is recommended so that an SPF record can be created for your domain. The SPF record helps avoid your messages being flagged as spam.

Direct Send and Office 365 Relay both does not require your device to Support TLS.

Direct Send method Office 365 SMTP Relay — *Source:Microsoft. How Direct Send Works ?*

Featues	Direct Send	Office 365 SMTP Relay
Send to Internal Users	Yes	Yes
Send to External Users	No (Yes, for external recipients having Office365 Mailboxes)	Yes
Network Port Requirement	Port 25	Port 25
TLS Requirement	Optional	Optional
Requires Authentication	None	Device / Printer / Application must have Static IP address assigned.

2. Configure SMTP Relay in Office 365 using Direct Send method

In the previous section of this blog post, I have explianed the difference between Direct Send and Office 365 SMTP Relay method. If Direct Send meets your requirements and you do not have any requirements for sending an email to External recipients like Gmail, yahoo, hotmail etc. You can follow below steps to configure it.

1. Find MX Endpoint of your Domain

To find the MX Endpoint of your domain, You need to follow below steps:

Login on Microsoft 365 admin center.
Go to Settings and click on Domains.
Click on your organization domain name. For example: techpress.net.
Click on DNS records Tab.
You can find MX Endpoint on DNS records tab. Click on it to Open.

You will find the MX Endpoint under Points to address or value column. Click on it to copy it on a notepad.

The format of the MX Endpoint is yourdomain-com.mail.protection.outlook.com

*Locate MX Endpoint of your domain from Microsoft 365 admin center*

2. Find the Static IP Address of the Device or Application [Optional]

As Microsoft Recommends to use Static IP Address for Direct Send Method but its not mandatory. If your Device or Application is not using a static IP address, make sure you assign a static IP address and then note down the IP Address of the device on a notepad. We will add static IP address of the device in your domain’s SPF record.

3. Update SPF Record [Optional]

This is also an optional step but highly recommended by Microsoft. Updating SPF record with Static IP Address of your Device or Application will help to avoid your emails being marked as SPAM. SPF records identifies which servers are allowed to send emails on behalf of the your domain.

Example:

Device / Printer IP Address: 10.20.1.56
Currently configured SPF record: v=spf1 include:spf.protection.outlook.com -all

Add your Device / Application IP Address in the SPF record as below:

v=spf1 ip4:10.20.1.56 include:spf.protection.outlook.com -all

4. Configure your Device / Application for Direct Send SMTP Relay

Last and final step is to configure your Device / Application and add SMTP relay details so that Device / Application can send emails using the Direct Send SMTP Relay. In our Example, we will be using a Printer to configure Direct Send. Let’s see which SMTP settings needs to be configured on the Printer.

If you want to configure SMTP Relay for a device other than your printer, You can still use below SMTP details to configure it.

SMTP Server	Port	TLS	UserName	Password
MX Endpoint For Example: `<yourdomain>-<domain extension.mail.protection.outlook.com`	25	Not Required (Recommendation is to enable if this option is available)	Any Email Address of your domain. This user does not require a mailbox. For example: myscanner@techpress.net	Not required (you can turn off SMTP Authentication)

Example:

I have captured a screenshot of one of my Printers to show you how to configure Direct Send. You can use the same settings to configure Direct Send on any other device as well. This screenshot is just for your reference:

*Office 365 SMTP Relay Direct Send method Configuration on Konika Minolta printer*

5. Create Bypass Spam Filtering Rule [Optional]

This step is optional and you do not need to create a bypass SPAM Filtering rule in Exchange Online. You have updated SPF record with your device IP address which should avoid the emails sent from your device to be marked as SPAM.

If your emails are still going into the SPAM folder. You can create a SPAM Bypass rule in office365 for the email ID which you have used to send the email from on the device.

Login to Exchange online management portal
Click on Mail flow -> Rule -> Create a Rule.

*Create SPAM Bypass rule for the Device IP on Exchange Admin Center*

3. Configure using Office 365 SMTP Relay Method

Office 365 SMTP Relay Method - How it Works? — *Source: Microsoft. Office 365 SMTP Relay Method – How it Works?*

Direct Send method has limitations of sending the emails to external recipients. However, Office 365 SMTP Relay does not have that kind of limitation in place. You can use Office 365 SMTP Relay Method to send the email to any External recipient. Let’s check the steps to configure Office 365 Relay on your Device.

1. Find Public IP Address of the Device or Application

First thing you need to do is to find the public IP address of the Device or Application. If your device is not assigned with a Public IP and is using Dynamic IP address, Please update it to use Static IP Address. Copy the IP address in a notepad. We will need this IP Address while configuring a Connector in Exchange Online.

2. Create a Connector on Exchange Admin Center

Next step is to create a connector on Exchange Admin Center. Please follow below steps to create a connector:

Login on Microsoft Exchange Admin Center
Click on Mail Flow and then Connectors
Click on + Add a connector
On Add a Connector Page. Select Connection from Your organization’s email server and Connection to Office 365 and click on Next to proceed.

*Create a new connector on Exchange Admin Center for configuration of SMTP Relay*

Provide a Connector Name and Description. Click on Next to Proceed.

*Provide a Name and Description of the Connector*

On Authenticating sent email page. Select the option “By verifying that the IP address of the sending server matches one of the following addresses, which belongs exclusively to your organization“.

Add your Device / Application IP Addresses into the list. Add all Device’s IP addresses which you want to configure for Office 365 SMTP Relay. For example, In my organization I have 3 Printers which I want to configure for SMTP Relay. Therefore I have added the IP addresses of those 3 printers here.

*Add Printer IP Addresses in Authenticating sent email*

On Review connector page, you can review the connector configuration and click on Create connector to create this Connector.

*Review Connector page on Exchange Admin Center*

3. Update SPF Record

Now you need to update the SPF record and add all the Device IP’s in the SPF record which you added in the connector created on Exchange Admin Center.

Example:

Device / Printer IP Addresses: 10.1.20.122, 10.2.1.11 and 10.2.5.89.
Currently configured SPF record: v=spf1 include:spf.protection.outlook.com -all

Add your Device / Application IP Addresses in the SPF record as below:

v=spf1 ip4:10.1.20.122 ip4:10.2.1.11 ipv4:10.2.5.89 include:spf.protection.outlook.com -all

4. Find MX Endpoint of your Domain

To find the MX Endpoint of your domain, You need to follow below steps:

Login on Microsoft 365 admin center.
Go to Settings and click on Domains.
Click on your organization domain name. For example: techpress.net.
Click on DNS records Tab.
You can find MX Endpoint on DNS records pag. Click on it to Open.

You will find the MX Record under Points to address or value column. Click on it to copy it on a notepad.

The format of the MX Endpoint is yourdomain-com.mail.protection.outlook.com

5. Configure your Device / Application for Office 365 SMTP Relay

Last and final step is to configure your Device / Application and add SMTP relay details so that Device / Application can send emails using the Office 365 SMTP Relay.

SMTP Server	Port	TLS	UserName	Password
MX Endpoint For Example: `<yourdomain>-<domain extension.mail.protection.outlook.com`	25	Not Required (Recommendation is to enable if this option is available)	Any Email Address of your domain. This user does not require a mailbox. For example: myscanner@techpress.net	Not required (you can turn off SMTP Authentication)

6. Create SPAM Bypass rule [Optional]

Please refer to the section of Configuration of SMTP Relay using Direct Send method where the steps to create SPAM bypass rule is given. This is an optional troubleshooting step and can be used in case the emails are being marked as SPAM.

Troubleshooting Office 365 SMTP Relay

Now we have setup Office 365 SMTP Relay. In case of any issues in email delivery, you can use below steps to troubleshoot.

Check SMTP AUTH at organization level

You can use below command to check SMTP AUTH at organization level. As we are not using SMTP client submission method, SMTP AUTH should be disabled.

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

Copy

Check SMTP AUTH at Mailbox level

Get-CASMailbox "Sonia Neil " | fl SmtpClientAuthenticationDisabled

Copy

If you see the output of the command as SmtpClientAuthenticationDisabled: That means this setting is controlled by the corresponding SmtpClientAuthenticationDisabled parameter on the Set-TransportConfig cmdlet for the whole organization.

Test Port 25 using Telnet

If you are facing any issues in email delivery then you can verify if Port 25 is opened or blocked on the Firewall. If Port 25 is blocked then you may need to ask the Network admin to open it for the device IP which is sending emails. You can follow below steps to test Port 25 via Telnet.

Launch Command Prompt on a PC (IP of the PC should be in the same subnet as Device / Printer / Application)
Type Command telnet <MX EndPoint> 25 and press Enter.

(If telnet command is not recognized on the Windows 10 or Windows 11 PC. The Please first Install Telnet Client by going to Start menu -> Type “Turn Windows featured on or off” and find Telnet Client, Select it and click OK).

Once Telnet is installed on your Windows device. You can open a command prompt and type below command to test if Port 25 is opened or not.

Telnet <your MX endpoint> 25

Once you enter on the above command, you should get a response from the server. Which means that Port 25 is opened.

Send a Test email using Telnet

If you want to check the email delivery then you can use the Telnet command and send a test email. This test can confirm if there are any issues in email delivery. You can follow below steps to test a test email using telnet.

Login on a computer in the same subnet as the Device / Printer / Application.
Open Command prompt as administrator.
Type command Telnet <your MX endpoint> 25.

You will get a response back after press enter on the Telnet command. On Telnet Console Type below commands:

ehlo

mail from – Type from email address

rcpt to – Type recipient email address to send a test email.

If the recipient receives this test email then there is no issue witth email delivery.

ehlo
MAIL FROM:<myscanner@techpress.net>
250 2.1.0 Sender OK
RCPT TO:<internal email ID>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
SUBJECT:Hello World

This is a test message

Thanks,
John A.

. <Dot to end the email>

Copy

Check if ISP Public IP Address is banned

When you are sending an email using Telnet and if you get a message saying that your sending IP is banned. Then you need to unblock / remove your IP from banned list so that Devices on your network can send email.

To remove your ISP Public IP Address from banned list, you need to login on https://senders.office.com and type your email ID and ISP Public IP Address of your organization. Follow the instuctions on the site to get your IP De-listed. This may take from 30 minutes to couple of hours to unblock your IP.

After you get your IP De-listed from https://senders.office.com. Try to send an email using Telnet again. This time if your IP is successfully de-listed, the recipient should receive the email.

Test email has been received successfully.

Delisting / Unblock of ISP Public IP on Spamhaus.org

When you are sending an email using Telnet and if you get a message saying that service unavailable, Client host <your ISP Public IP address> blocked using Spamhaus. You need to visit the URL https://www.spamhaus.org/query/ip/<ISP Public IP Address> to get your IP De-listed.

How to unblock your ISP Public IP on spamhaus.org

Please follow below steps to unblock your ISP Public IP from spamhaus.org.

Once you land on https://www.spamhaus.org/query/ip/<ISP Public IP Address> site. Click on Show details and then click on “I am running my own mail server“.

Select I am running my own mail server and clicon on Next steps.

Complete the form for unblocking your ISP Public IP. Provide a Name, Email Address and Provide details regarding the issue. Once you complete this form. click on Submit button.

Form has been submitted. You can now wait for email verification link from Spamhaus.org.

Below is the email I received to verify my email address. Click on the link in the email for Email Verification.

Delisting has been successful. You can now try to use Telnet to send a test email to confirm email delivery issue has been rectifed. You can also check the Device / Printer / application to confirm if its able to send the email now.

Conclusion

In this blog post, we have seem how to setup SMTP Relay in Office 365. There are three ways to configure it. But the most recommended option is Office 365 SMTP Relay Method. Second best method is Direct Send method which can be used if you do not have the requirements to send the emails to External recipients like gmail, yahoo etc.

Third method which is least recommended is SMTP Auth Submisson method. As It requires a licensed mailbox and SMTP AUTH to be enabled for that mailbox. There is a cost associated with licensed mailbox and Microsoft does not recommend SMTP AUTH to be enabled.

We have also see the troubleshooting steps in case of email delivery issues. These troubleshooting steps helped me fixed issues while working on Office 365 relay for Multiple clients.

Source :
https://techpress.net/office-365-smtp-relay-setup-and-configuration/

How to disable TLS 1.0 and TLS 1.1 on Windows servers

Transport Layer Security (TLS) – TLS protocol is used to provide privacy and data integrity between two communicating applications. SSL and TLS are both cryptographic protocols but because SSL protocols does not providers sufficient level of security compared to TLS, SSL 2.0 and SSL 3.0 have been deprecated. TLS 1.0 was released in 1999, TLS 1.1 was released in 2006, TLS 1.2 was released in 2008 and TLS 1.3 was released in 2018.

Most of the companies and Internet Browsers are now moving to TLS 1.2 which is having better security algorithms than TLS 1.0 and TLS 1.1. TLS is more secure than SSL. Mozilla Firefox, Google Chrome, Apple and Microsoft are all ending support for TLS 1.0/1.1 in 2020, so its better to plan ahead of time and test all the applications and create Policies to disable TLS 1.0 and TLS 1.1 on Windows devices.

If you are interested in learning more about these protocols, differences between these protocols and security improvements – you can check Protocols RFC’s (Request for Comments) at these links TLS1.0 RFC, TLS 1.1 RFC, TLS 1.2 RFC and TLS 1.3 RFC.

Similar other Blog posts:

Create a GPO in Active Directory to disable TLS 1.0 and TLS 1.1

We will be creating a Group policy object in Active directory to disable TLS 1.0 and TLS 1.1. You will need to create given registry keys and registry entries to control TLS protocols. Please find below steps to disable TLS 1.0 and TLS 1.1 on windows servers.

How to create a GPO in Active Directory to disable TLS 1.0 and TLS 1.1

Login on a domain controller as a domain administrator.
Open Group policy management console (Go to Start -> Run and type gpmc.msc and press Enter)
Expand Group Policy Objects Folder. Right-click on it and Select New.

Provide a Name of the GPO. For Example: Disable TLS 1.0 and TLS 1.1 Windows servers
Right click on the Group policy “Disable TLS 1.0 and TLS 1.1 Windows Servers” and click on Edit.
Go to Computer Configuration -> Preferences -> Windows settings -> Registry.
Right click on Registry -> click on New -> click on Registry Item.

In the next step, we will create registry keys and registry entries to Disable TLS 1.0 and TLS 1.1. Its recommended to disable SSL 2.0 and SSL 3.0 as well. Most of the newer Windows operating systems have TLS 1.2 enabled by default. However, If you want to control TLS 1.2 and TLS 1.3 then you can use the given registry keys for TLS 1.2 and TLS 1.3.

Registry Keys to disable TLS 1.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to disable TLS 1.1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to disable SSL 2.0 [Recommended]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to disable SSL 3.0 [Recommended]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to Enable TLS 1.2 [Recommended]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to Enable TLS 1.3 [Optional]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "DisabledByDefault"=dword:00000000

Copy

After you click on Registry Item, A window will show where you can enter Information about the registry Item which you want to create. You need to provide below information about the registry Item:

Action: Select Update from the drop-down. Selecting Update will create the registry keys and registry entries if its not found on end users devices.
Hive: Select HKEY_LOCAL_MACHINE
Key Path: You can either browse to the registry path or provide a registry key to create / update.
Value Name: We will be creating two registry entries for each protocol. DisabledbyDefault and Enabled.
Value type: Select REG_DWORD.
Value type: Select 1 to Enable an 0 to disable.

Go through the process of creating an entry for each registry Item. Below screenshot shows that we have Disabled TLS 1.0, TLS 1.1 protocols and Enabled TLS 1.2 and TLS 1.3.

Once you create all the registry Items in the Group policy management console for Disable TLS 1.0 and TLS 1.1 Windows Servers GPO. You can link the GPO to the Organization Unit (OU) containing windows servers.
Please note that as this group policy object contains settings in Computer configuration which will target the Devices. A restart of the computer will be required so that registry entries can be created.

Disable TLS 1.0 and TLS 1.1 using IIS Crypto Tool

If your windows servers are not domain joined or you do not want to create group policy object in Active directory to disable deprecated SSL and TLS protocols. You can download and Install IIS Crypto tool on Windows server and manually select the checkboxes to Disable / Enable SSL / TLS protocols.

Please follow below steps to disable TLS 1.0 and TLS 1.1 using IIS Crypto Tool:

Login on Windows Server using administrator credentials.
Download IIS Crypto GUI tool.
Launch IIS Crypto tool as an administrator.
Uncheck SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 from Server Protocols.
Uncheck SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 from Client Protocols.
Reboot the server.
Repeat Steps 1 to 6 on each server where you want to disable deprecated SSL and TLS protocols.

*Disable deprecated SSL and TLS protocols using IIS Crypto Tool*

Conclusion

In this blog post, we have seen how to disable TLS 1.0 and TLS 1.1 on windows servers. Its highly recommended to disable SSL 2.0 and SSL 3.0 as well. Newer Windows server operting systems have TLS 1.2 and TLS 1.3 enabled but you can still control these protocols using the given registry keys.

If you have only couple of servers and you do not want to create the Active directory group policy or your windows servers are standalone servers and not domain joined. You can use IIS Crypto tool to disable deprecated SSL and TLS protocols.

Source :
https://techpress.net/how-to-disable-tls-1-0-and-tls-1-1-on-windows-servers/

How to disable TLS 1.0 and TLS 1.1 using Powershell on Windows 11

Similar other Blog posts:

Disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 using Powershell

We can easily disable TLS 1.0 and TLS 1.1 using Powershell. However its recommended to also disable SSL 2.0, SSL 3.0 as well. We will be using below powershell code to create registry keys and registry entries. Once the registry keys are created, a reboot of that device will be required to complete the change.

Please note below Powershell Code needs to be run as an administrator as it needs to perform changes in Windows registry.

To run Powershell code on Windows 11 computer. Please use below steps:

Login on a Windows 11 PC as administrator.
Open Powershell Console as an administrator.
Run below piece of powershell code to enable / disable SSL / TLS Protocols.

Powershell code to disable SSL 2.0

 New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force
 New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force    
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'Enabled'           -Value '0' -Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'DisabledByDefault' -value '1' -Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable SSL 3.0

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force  
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable TLS 1.0

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force                                                                                                                                                            
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable TLS 1.1

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force                                                                                                                                                                                 
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to Enable TLS 1.2

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force  
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force                                       
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –Type 'DWORD'

Copy

Powershell code to Enable TLS 1.3

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'DisabledByDefault' -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'-name 'Enabled'            -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value '0' –Type 'DWORD'

Copy

How to verify if TLS 1.0 and TLS 1.1 has been disabled on Windows 11

Please follow below steps to verify if SSL / TLS protocols are disabled or enabled.

Login on Windows 11 PC as an administrator.
Click on Windows Icon / Start Menu -> Search for Registry Editor.
Launch Registry Editor.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols

You should find below registry keys / registry entries:

Disable TLS 1.0 and TLS 1.1 registry key — *HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols*

Registry Keys to check if SSL 2.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if SSL 3.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if TLS 1.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if TLS 1.1 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to check if TLS 1.2 is Enabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to check if TLS 1.3 is Enabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "DisabledByDefault"=dword:00000000

Copy

Conclusion

In this blog post, we have checked the powershell codes to disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1. We have checked the Powershell code to enable TLS 1.2 and TLS 1.3. Its highly recommended to disable old unsupported protocols to reduce the security risk on your computer.

Source :
https://techpress.net/how-to-disable-tls-1-0-and-tls-1-1-using-powershell-on-windows-11/

How to disable TLS 1.0 and TLS 1.1 using Powershell on Windows 10

Similar other Blog posts:

Disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 using Powershell

Please note below Powershell Code needs to be run as an administrator as it needs to perform changes in Windows registry.

To run Powershell code on Windows 10 computer. Please use below steps:

Login on a Windows 10 PC as administrator.
Open Powershell Console as an administrator.
Run below piece of powershell code to enable / disable SSL / TLS Protocols.

Powershell code to disable SSL 2.0

 New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force
 New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force    
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'Enabled'           -Value '0' -Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'DisabledByDefault' -value '1' -Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable SSL 3.0

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force  
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable TLS 1.0

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force                                                                                                                                                            
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to disable TLS 1.1

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force                                                                                                                                                                                 
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled'           -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '1' –Type 'DWORD'

Copy

Powershell code to Enable TLS 1.2

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force  
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force                                       
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –Type 'DWORD'

Copy

Powershell code to Enable TLS 1.3

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'Enabled'           -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'DisabledByDefault' -value '0' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'-name 'Enabled'            -value '1' –Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value '0' –Type 'DWORD'

Copy

How to verify if TLS 1.0 and TLS 1.1 has been disabled on Windows 10

Please follow below steps to verify if SSL / TLS protocols are disabled or enabled.

Login on Windows 10 PC as an administrator.
Click on Windows Icon / Start Menu -> Search for Registry Editor.
Launch Registry Editor.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols

You should find below registry keys / registry entries:

Registry Keys to check if SSL 2.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if SSL 3.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if TLS 1.0 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001

Copy

Registry Keys to check if TLS 1.1 is disabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to check if TLS 1.2 is Enabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000

Copy

Registry Keys to check if TLS 1.3 is Enabled

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "DisabledByDefault"=dword:00000000

Copy

Conclusion

In this blog post, we have checked the powershell codes to disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1. We have checked the Powershell code to enable TLS 1.2 and TLS 1.3. It’s highly recommended to disable old unsupported protocols to reduce the security risk on your computer.

Source :
https://techpress.net/how-to-disable-tls-1-0-and-tls-1-1-using-powershell-on-windows-10/

Disable Modern Standby in Windows 10

There are two power models in Windows 10, S3 and S0 Low Power idle (Modern Standby). Modern Standby in Windows 10 provides Instant On/Off Experience like smartphones.

Modern Standby enables S0 low power idle power plan which keeps your laptop or desktop in lowest power mode and also allow apps to receive the latest content such as incoming email, VoIP calls, Windows updates etc.

The system will enter Modern Standby when the user take any of below actions:

Presses the system power button.
Closes the lid of the laptop / desktop / tablet.
Selects Sleep from the power button from the Windows Start menu.
Waits for the system to idle and enter sleep automatically, according to the Power and sleep settings.

The amount of battery saving in Modern Standby is calculated by knowing how much time the system was in DRIPS (Deepest run-time idle platform state). DRIPS occurs when the system is consuming the lowest amount of power possible. If there is any background task (like receiving of email, windows update etc.) consumes power, the system is not considered to be in DRIPS mode.

Total Modern Standby session time = DRIPS time + non-DRIPS time

How to disable Modern Standby in Windows 10

There could be a scenario where you do not want to enable Modern Standby on windows 10 and want to use another available and supported power plan for example S3. In that case, you can simply disable Modern standby by following below steps. The steps given requires changes in the registry of the system which will require administrator rights.

Login on the Windows 10 device.
Click on Start and search for Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power
Right click on the right hand side pane and click on New -> DWORD (32-bit) Value

Provide the name of registry entry PlatformAoAcOverride and set its value to 0.
As this registry change is in HKEY_LOCAL_MACHINE, A restart of the PC would be required.

PlatformAoAcOverride registry entry to disable Modern Standby

Disable Modern Standby on Windows 10 using Command line

In the previous section we have seen how to disable Modern standby using GUI Interface of registry editor. If you do not prefer GUI and want to use a command to disable Modern Standby then you can follow below steps:

Login on Windows 10 device.
Go to Start and search for Command prompt.
Right-click on Command prompt and click Run as administrator.
Type below command and press enter.
After this command is executed successfully, Restart your device.

reg add HKLM\System\CurrentControlSet\Control\Power /v PlatformAoAcOverride /t REG_DWORD /d 0

Disable Modern Standby on Windows 10 using Command line

How to check If Modern Standby is supported in Windows 10

Not all devices support Modern standby but the number of systems which support Modern standby are increasing. I have been using Microsoft Surface Pro 4 laptop which supports Modern standby. Here’s how you can check if your device supports Modern Standby.

Login on Windows 10 device.
Click on Start and search for Command Prompt.
Launch Command Prompt.
Type command powercfg -a to check if Modern standby is supported.

Powercfg -a lists the sleep states available on your computer.

In below screenshot, you can see that this Windows 10 device is on Standby (S0 Low Power Idle) Network Connected State which means that Modern Standby is supported and enabled on this device.

If you run powercfg -a command on your system and it shows that S0 Low power idle is not supported then this could be a a limitaton by system’s hardware to support Modern standby. There is nothing you can do to enable it. The alternative is to keep using Standby S3 or any other supported power plan.

powercfg -a to check if modern standby is supported

Modern Standby (S0 Low power idle) can be in Network Connected mode or Network Disconnected mode.

Standby (S0 Low Power Idle) Network Connected: This means that Modern standby with network connectivity in sleep mode.
Standby (S0 Low Power Idle) Network Disconnected: This means that Modern standby without network connectivity while in sleep mode and the system spends most of the time in DRIPS.

FAQs on Modern Standby

Below are some of the frequently asked questions on Modern Standby:

1. Which versions of Windows supports Modern Standby ?

Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows 11 Operating system.

2. How to Re-enable Modern Standby after creating `PlatformAoAcOverride` reg entry ?

If your device supports Modern Standby and you have created PlatformAoAcOverride reg entry under HKLM\System\CurrentControlSet\Control\Power reg key. Simply delete this registry entry and restart your device to enable Modern Standby again.

You can delete PlatformAoAcOverride registry entry manually by using registry editor or launch powershell console as an administrator and run below command to delete it.

Remove-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Power' -Name PlatformAoAcOverride

3. Does my computer support Modern Standby ?

You can easily check this by running a command powercfg -a on the command prompt. If it says Standby (S0 Low Power Idle) Network Connected or Standby (S0 Low Power Idle) Network Disconnected then Modern Standby is supported and Enabled.

4. How to Identify and diagnose issues during a Modern Standby session ?

You can Identify and diagnose any issues related to Modern standby by running Powercfg /sleepstudy command on an elevated command prompt. You can then analyse the report which will be generated and saved at C:\WINDOWS\system32\sleepstudy-report.html location.

Please make sure to open command prompt as an administrator and then run powercfg /sleepstudy

5. How to find all the switches of powercfg command ?

To check the switches of powercfg command, you can run powercfg /? on the command prompt. This will list all available options with detailed information. I have run this command on my device which lists all the switches which can be used with powercfg command:

powercfg /?

C:\WINDOWS\system32>powercfg /?

POWERCFG /COMMAND [ARGUMENTS]

Description:
  Enables users to control power settings on a local system.

  For detailed command and option information, run "POWERCFG /? <COMMAND>"

Command List:
  /LIST, /L          Lists all power schemes.

  /QUERY, /Q         Displays the contents of a power scheme.

  /CHANGE, /X        Modifies a setting value in the current power scheme.

  /CHANGENAME        Modifies the name and description of a power scheme.

  /DUPLICATESCHEME   Duplicates a power scheme.

  /DELETE, /D        Deletes a power scheme.

  /DELETESETTING     Deletes a power setting.

  /SETACTIVE, /S     Makes a power scheme active on the system.

  /GETACTIVESCHEME   Retrieves the currently active power scheme.

  /SETACVALUEINDEX   Sets the value associated with a power setting
                     while the system is powered by AC power.

  /SETDCVALUEINDEX   Sets the value associated with a power setting
                     while the system is powered by DC power.

  /IMPORT            Imports all power settings from a file.

  /EXPORT            Exports a power scheme to a file.

  /ALIASES           Displays all aliases and their corresponding GUIDs.

  /GETSECURITYDESCRIPTOR
                     Gets a security descriptor associated with a specified
                     power setting, power scheme, or action.

  /SETSECURITYDESCRIPTOR
                     Sets a security descriptor associated with a
                     power setting, power scheme, or action.

  /HIBERNATE, /H     Enables and disables the hibernate feature.

  /AVAILABLESLEEPSTATES, /A
                     Reports the sleep states available on the system.

  /DEVICEQUERY       Returns a list of devices that meet specified criteria.

  /DEVICEENABLEWAKE  Enables a device to wake the system from a sleep state.

  /DEVICEDISABLEWAKE Disables a device from waking the system from a sleep
                     state.

  /LASTWAKE          Reports information about what woke the system from the
                     last sleep transition.

  /WAKETIMERS        Enumerates active wake timers.

  /REQUESTS          Enumerates application and driver Power Requests.

  /REQUESTSOVERRIDE  Sets a Power Request override for a particular Process,
                     Service, or Driver.

  /ENERGY            Analyzes the system for common energy-efficiency and
                     battery life problems.

  /BATTERYREPORT     Generates a report of battery usage.

  /SLEEPSTUDY        Generates a diagnostic system power transition report.

  /SRUMUTIL          Dumps Energy Estimation data from System Resource Usage
                     Monitor (SRUM).

  /SYSTEMSLEEPDIAGNOSTICS
                     The system sleep diagnostics report has been deprecated and
                     replaced with the system power report. Please use the command
                     "powercfg /systempowerreport" instead.

  /SYSTEMPOWERREPORT Generates a diagnostic system power transition report.

  /POWERTHROTTLING   Control power throttling for an application.

  /PROVISIONINGXML, /PXML    Generate an XML file containing power setting overrides.

Copy

Conclusion

Modern standby saves your laptop’s or desktop’s battery and keep your device active for longer. If you use your device intermittently or away from your device a lot then this can save a lot of energy. However, there could be a scenario where you do not want to enable Modern standby. In that case you can use the steps given in this blog post to create a registry entry and disable Modern standby.

Source :
https://techpress.net/disable-modern-standby-in-windows-10/

How to troubleshoot Volume shadow Copies on Windows

Vssadmin command

A quite useful built-in command which you can use as a starting point while troubleshooting the Shadow Copies is Vssadmin. Lets run this command with different parameters and check the results.

There are different switches / commands which can be used with vssadmin. To show / list the different commands, Open Powershell as Administrator or Command prompt as an Administrator and type vssadmin

Command	Description	Availability
Vssadmin add shadowstorage	Adds a volume shadow copy storage association.	Server only
Vssadmin create shadow	Creates a new volume shadow copy.	Server only
Vssadmin delete shadows	Deletes volume shadow copies.	Client and Server
Vssadmin delete shadowstorage	Deletes volume shadow copy storage associations.	Server only
Vssadmin list providers	Lists registered volume shadow copy providers.	Client and Server
Vssadmin list shadows	Lists existing volume shadow copies.	Client and Server
Vssadmin list shadowstorage	Lists all shadow copy storage associations on the system.	Client and Server
Vssadmin list volumes	Lists volumes that are eligible for shadow copies.	Client and Server
Vssadmin list writers	Lists all subscribed volume shadow copy writers on the system.	Client and Server
Vssadmin resize shadowstorage	Resizes the maximum size for a shadow copy storage association.	Client and Server
Source:Microsoft

Vssadmin commands

Ensure that the VSS writers are in Stable State

Run the Command vssadmin list writers and make sure that all the VSS writers are in [1] stable state. you may see different vss writers depending upon application server you are running this command e.g. If you are running this command on Microsoft Exchange Server, you will see [Writer name: ‘Microsoft Exchange Writer‘] in addition to the other vss writers. If Microsoft Exchange Writer status is not stable, Restart the Microsoft Exchange Information Store Service or restart Exchange Server and check the writer state again before re-starting the backup job.

Ensure that you can see Registered Shadow Copy Providers

To list the currently registered shadow copy providers, Run the command vssadmin list providers

If you do not see providers listed after running the above command it could be OS related issue or the Volume Shadow Copy Service is not running.

List existing Volume Shadow Copies

To list existing shadow Copies use the command vssadmin list shadows

Lists all shadow copy storage associations on the system.

Run below command to see all storage associations for the existing shadow copies. The default storage allocates 10% of the volume to the shadow copies.

You can also check the Shadow Copy Storage Association on the volume using GUI Method by Right Clicking the Volume -> Properties -> click Shadow Copies Tab.

Run the command vssadmin list shadowstorage /? to get more parameters which you can use with this command. For example you can use /for parameter to list all associations for a specified volume.

Delete Shadow Copies using command line

There are few options or commands you can use to delete the shadow copies. Shadow Copies data is stored in a folder called System Volume information which is a hidden system folder. If you see that the System volume information folder is quite big in size and consuming a lot of space then you can check if you got any stale shadow copies which might be stored in this system folder and which you may want to delete to free up the space. If you decided to get rid of shadow copies from the volume then follow below command line options to complete your task.

wmic command

Use wmic command to delete the shadow copies. When you run this command, you will be on the wmic:\root\cli> prompt. Type shadowcopy delete to delete the the shadow copies one by one. type Y to delete the shadow copy or N to skip to next shadow copy.

Note: To find the shadow copy ID use the command vssadmin list shadows. After using wmic command if you find that the shadow copies are not deleted or you get an error message as shown in the below screenshot, you can either use Vssadmin delete shadows command or Diskshadow command as shown in the next sections.

Vssadmin delete shadows

vssadmin delete shadows command can be used to delete all shadow copies or specific shadow copies from the volume. Use the /? in the end of the command to list parameters which you can use with this command. To delete all shadow copies using vssadmin delete shadows command, you can use below command.

Vssadmin delete shadows /all

diskshadow Command

You can also use diskshadow command to delete all the shadow copies from the system. Open command prompt as administrator -> Type diskshadow -> then on the DISKSHADOW> prompt type delete shadows all to delete / remove all shadow copies from the server.

Diskshadow command reference

Best Practices

Best Practice when configuring the Shadow Copy is to use a disk which will not be shadow copied and have enough free space to store the shadow copies as per the configuration. You get below message when setting it up which suggest the same.

More Information

Volume Shadow Copy Service | Microsoft Docs

Conclusion

In this blog post, we have seen how you can troubleshoot issues related to shadow copies. Vssadmin command is very handy to use on windows devices when you are working on windows devices. You can also find examples of the commands with screenshots.

Source :
https://techpress.net/how-to-troubleshoot-volume-shadow-copies-on-windows/

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings.

A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

Windows includes a security feature called Mark-of-the-Web (MoTW) that flags a file as having been downloaded from the Internet and, therefore, should be treated with caution as it could be malicious.

The MoTW flag is added to a downloaded file or email attachment as a special Alternate Data Stream called ‘Zone.Identifier,’ which can be viewed using the ‘dir /R’ command and opened directly in Notepad, as shown below.

**The Mark-of-the-Web alternate data stream**
*Source: BleepingComputer*

This ‘Zone.Identifier’ alternate data stream includes what URL security zone the file is from (three equals the Internet), the referrer, and the URL to the file.

When a user attempts to open a file with the Mark-of-the-Web flag, Windows will display a warning that the file should be treated with caution.

“While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not open this software,” reads the warning from Windows.

**Windows security warning when opening files with MoTW flags**
*Source: BleepingComputer*

Microsoft Office also utilizes the MoTW flag to determine if the file should be opened in Protected View, causing macros to be disabled.

Windows MoTW bypass zero-day flaw

The HP threat intelligence team recently reported that threat actors are infecting devices with Magniber ransomware using JavaScript files.

To be clear, we are not talking about JavaScript files commonly used on almost all websites, but .JS files distributed by threat actors as attachments or downloads that can run outside of a web browser.

The JavaScript files seen distributed by the Magniber threat actors are digitally signed using an embedded base64 encoded signature block as described in this Microsoft support article.

**JavaScript file used to install the Magniber Ransomware**
*Source: BleepingComputer*

https://560aeee9b5a62b70c68af2cae4baaec2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?upapi=true

After being analyzed by Will Dormann, a senior vulnerability analyst at ANALYGENCE, he discovered that the attackers signed these files with a malformed key.

**Malformed signature in malicious JavaScript file**
*Source: BleepingComputer*

When signed in this manner, even though the JS file was downloaded from the Internet and received a MoTW flag, Microsoft would not display the security warning, and the script would automatically execute to install the Magniber ransomware.

Dormann further tested the use of this malformed signature in JavaScript files and was able to create proof-of-concept JavaScript files that would bypass the MoTW warning.

Both of these JavaScript (.JS) files were shared with BleepingComputer, and as you can see below, they both received a Mark-of-the-Web, as indicated by the red boxes, when downloaded from a website.

Mark-of-the-Web on Dormann's PoC exploits — **Mark-of-the-Web on Dormann’s PoC exploits**
*Source: BleepingComputer*

The difference between the two files is that one is signed using the same malformed key from the Magniber files, and the other contains no signature at all.

Dormann's PoC Exploits — **Dormann’s PoC Exploits**
*Source: BleepingComputer*

When the unsigned file is opened in Windows 10, a MoTW security warning is properly displayed.

However, when double-clicking the ‘calc-othersig.js,’ which is signed with a malformed key, Windows does not display a security warning and simply executes the JavaSript code, as demonstrated below.

**Demonstration of the Windows zero-day bypassing security warnings**
*Source: BleepingComputer*

Using this technique, threat actors can bypass the normal security warnings shown when opening downloaded JS files and automatically execute the script.

BleepingComputer was able to reproduce the bug in Windows 10. However, for Windows 11, the bug would only trigger when running the JS file directly from an archive.

Dormann told BleepingComputer that he believes this bug was first introduced with the release of Windows 10, as a fully patched Windows 8.1 device displays the MoTW security warning as expected.

https://platform.twitter.com/embed/Tweet.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1583055972280324097&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fexploited-windows-zero-day-lets-javascript-files-bypass-security-warnings%2F&sessionId=ad0d187be79e9f0d5b7b04498fef77964be23c7f&siteScreenName=BleepinComputer&theme=light&widgetsVersion=1c23387b1f70c%3A1664388199485&width=550px

According to Dormann, the bug stems from Windows 10’s new ‘Check apps and files’ SmartScreen feature under Windows Security > App & Browser Control > Reputation-based protection settings.

“This issue is in the new-as-of-Win10 SmartScreen feature. And disabling “Check apps and files” reverts Windows to the legacy behavior, where MotW prompts are unrelated to Authenticode signatures,” Dormann told BleepingComputer.

https://560aeee9b5a62b70c68af2cae4baaec2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?upapi=true

“So that whole setting is unfortunately currently a tradeoff. On one hand, it does scan for baddies that are downloaded.”

“On the other, baddies that take advantage of this bug can get a LESS-SECURE behavior from Windows compared to when the feature is disabled.”

The zero-day vulnerability is particularly concerning as we know threat actors are actively exploiting it in ransomware attacks.

Dormann shared the proof-of-concept with Microsoft, who said they could not reproduce the MoTW security warning bypass.

However, Microsoft told BleepingComputer that they are aware of the reported issue and are investigating it.

Update 10/22/22

After the publication of this article, Dormann told BleepingComputer that threat actors could modify any Authenticode-signed file, including executables (.EXE), to bypass the MoTW security warnings.

To do this, Dormann says that a signed executable can be modified using a hex editor to change some of the bytes in the signature portion of the file and thus corrupt the signature.

https://platform.twitter.com/embed/Tweet.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-1&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=true&id=1582493426494636032&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fexploited-windows-zero-day-lets-javascript-files-bypass-security-warnings%2F&sessionId=ad0d187be79e9f0d5b7b04498fef77964be23c7f&siteScreenName=BleepinComputer&theme=light&widgetsVersion=1c23387b1f70c%3A1664388199485&width=550px

Once the signature is corrupted, Windows will not check the file using SmartScreen, as if a MoTW flag was not present, and allow it to run.

“Files that have a MotW are treated as if there were no MotW if the signature is corrupt. What real-world difference that makes depends on what type of file it is,” explained Dormann.

Magniber ransomware now infects Windows users via JavaScript files

Microsoft finally releases tabbed File Explorer for Windows 11

Windows Mark of the Web bypass zero-day gets unofficial patch

Microsoft: New Prestige ransomware targets orgs in Ukraine, Poland

Microsoft Exchange servers hacked to deploy LockBit ransomware

Source :
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/