For those interested, I've run that script on my Windows 2008 R2 box; it worked without a hitch and took me from an F to a C. I then manually added TLS 1.2, rebooted and now I am at a B. A few more bits to do and we'll get an A.

On 4 November 2015 at 12:45, Paul Glavich <subscripti...@theglavs.com> wrote:

> I have run that script on our staging and production servers. Works well.
>
> Take a registry backup prior. Run it. If issues, then restore.
>
> - Glav
>
> *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of* Greg Keogh
> *Sent:* Tuesday, 3 November 2015 12:00 PM
> *To:* ozDotNet <ozdotnet@ozdotnet.com>
> *Subject:* Re: [OT] SSL testing
>
> *"An F grade is unacceptably bad, definitely something he needs to get sorted. Hold the web developer / company accountable for that."*
>
> I could barely sleep last night knowing that I'd flunked with an F. The trouble is, I don't know who to blame (I am the *developer* and the *company*!!). My web server is a pretty vanilla Win2008R2 install and I got the cert from Comodo 6 months ago. I sort of expected that regular Windows Updates would be fixing this sort of thing, or perhaps I'd get some sort of security alert somehow. Why are out-of-the-box servers falling behind best security practices?
>
> I want my server to get an A, but the script I mentioned before worries me and I'd prefer some specific and trustworthy instructions from somewhere like TechNet, a KB or MSDN to tell me exactly what to do.
>
> *Greg K*