+1 to this- IISCrypto is a great tool to make this easier, and bonus: it's
available from chocolatey, thus easy to deal with from Ansible...
On Monday, July 18, 2016 at 1:07:18 AM UTC-7, Mike Fennemore wrote:
>
> I'm assuming for the security hardening you would be disabling multiple
> ciphers
I'm assuming for the security hardening you would be disabling multiple
ciphers and protocols etc. A suggestion would be to use IISCrypto to
configure the ciphers as required. Then export the relevant keys and use
the win_regedit to import the exported reg.
On Monday, July 11, 2016 at
Yep, doesn't look like there's any documented way to get the Powershell
registry provider to work right with this. Even if we could get it to work
right with the creation, it'd still break on all the Test-Path and other
calls. Only way to handle this "right" would be a complete rewrite of