Enable TLS 1.1 and 1.2 on Windows 7

Windows 7 does not support TLS 1.1 or 1.2 by default. This can be an issue if you are still trying to use Outlook 2010 on Windows 7.

Fortunately there is a way that we can enable TLS 1.1 and 1.2.

First we need to verify that we have the correct Windows update in place. Download the appropriate download and double click it to run.

For 64 bit systems download the update from here

http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu

or for 32 bit systems

http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x86_cdafb409afbe28db07e2254f40047774a0654f18.msu

After the update is finished, create a new text file (AKA PowerShell Script) with the following contents.

$arch=(Get-WmiObject -Class Win32_operatingsystem).Osarchitecture
$reg32bWinHttp = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$reg64bWinHttp = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$regWinHttpDefault = "DefaultSecureProtocols"
$regWinHttpValue = "0x00000a00"
$regTLS11 = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$regTLS12 = "HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
$regTLSDefault = "DisabledByDefault"
$regTLSValue = "0x00000000"

Clear-Host
Write-Output "Creating Registry Keys...`n"
Write-Output "Creating registry key $reg32bWinHttp\$regWinHttpDefault with value $regWinHttpValue"

IF(!(Test-Path $reg32bWinHttp)) {
    New-Item -Path $reg32bWinHttp -Force | Out-Null
    New-ItemProperty -Path $reg32bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
}
ELSE {
    New-ItemProperty -Path $reg32bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
}

IF($arch -eq "64-bit") {
    Write-Output "Creating registry key $reg64bWinHttp\$regWinHttpDefault with value $regWinHttpValue"
    IF(!(Test-Path $reg64bWinHttp)) {
        New-Item -Path $reg64bWinHttp -Force | Out-Null
        New-ItemProperty -Path $reg64bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
    }
    ELSE {
        New-ItemProperty -Path $reg64bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
    }
}

Write-Output "Creating registry key $regTLS11\$regTLSDefault with value $regTLSValue"

IF(!(Test-Path $regTLS11)) {
    New-Item -Path $regTLS11 -Force | Out-Null
    New-ItemProperty -Path $regTLS11 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
    }
ELSE {
    New-ItemProperty -Path $regTLS11 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
}

Write-Output "Creating registry key $regTLS12\$regTLSDefault with value $regTLSValue"

IF(!(Test-Path $regTLS12)) {
    New-Item -Path $regTLS12 -Force | Out-Null
    New-ItemProperty -Path $regTLS12 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
    }
ELSE {
    New-ItemProperty -Path $regTLS12 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
}

Write-Output "`nComplete!"

Save the file as “tls-reg-edit.ps1”

If saving it using notepad, change Save as type: All files (*.*)

Open a PowerShell. Change directories “cd” to the location you saved the above script to. ie. cd Downloads

Run the script with the follow command. Note you will most likely need to hit Y to allow the scripts to run.

Set-ExecutionPolicy Bypass -Scope Process ; .\tls-reg-edit.ps1

After the script runs, you’ll need to reboot your computer.

The script and information was taken from the following link. Thanks cPanel!

https://docs.cpanel.net/knowledge-base/security/how-to-configure-microsoft-windows-7-to-use-tls-version-1.2/

There is also more information at the following Microsoft link.

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

How to Enable/Disable Driver Signature Enforcement in Windows 7

Open up a command prompt with administrator privilages, either right click and Run as Administrator, or hit the Windows Key type in cmd and then hit CTRL+Shift+Enter.

Sometime you may need to turn it on so you can install a modded driver or something, other times it needs to be turned off so you can install EasyAntiCheat…

Turn On

bcdedit -set TESTSIGNING ON
bcdedit -set NOINTEGRITYCHECKS ON

Turn Off

bcdedit -set TESTSIGNING OFF
bcdedit -set NOINTEGRITYCHECKS OFF

Reboot for the changes to take effect