Problem
When running SolarWinds Deployment Health or Active Diagnostics, you may encounter the warning:
"Check if TLS 1.0 is disabled"
"Check if TLS 1.1 is disabled"
The official Knowledge Base article provides a manual resolution:
How to disable TLS 1.0 or 1.1 by updating the Windows registry or using IIS Crypto for the SolarWinds Platform
Why Do This Manually?
Instead of manually modifying registry settings or installing IIS Crypto, this PowerShell script automates the process for you.
Introducing Disable-LegacyTLS.ps1
This script:
- Disables TLS 1.0 and TLS 1.1 for both Client and Server configurations.
- Works locally or remotely on multiple SolarWinds pollers.
- Eliminates the need for IIS Crypto or Regedit navigation.
- Automatically checks admin privileges and elevates permissions if needed.
- Provides an optional reboot prompt after making changes.
How to Use the Script
Step 1: Download the Script
Save Disable-LegacyTLS.ps1 to a secure location on your system.
Step 2: Open PowerShell as Administrator
- Right-click Start and select PowerShell (Admin)
- If you forget, the script will remind you and offer to elevate privileges automatically.
Step 3: Run the Script
Option A: Run on the Local Machine
.\Disable-LegacyTLS.ps1
The script will prompt you for confirmation before making any changes.
Option B: Run on a Remote Machine
.\Disable-LegacyTLS.ps1 -ComputerName "<ComputerName>"
Replace <ComputerName> with the actual name of the remote server.
Option C: Force Execution Without Prompts
.\Disable-LegacyTLS.ps1 -Force
This bypasses all confirmation prompts and applies changes immediately.
What the Script Does
Checks for Administrative Privileges
- If not running as admin, the script offers to relaunch with elevated permissions.
Validates Connectivity to Remote Machines
- Ensures the target machine is reachable before modifying the registry.
Modifies Registry Settings
- Creates necessary registry keys if they do not exist.
- Sets Enabled to 0 for TLS 1.0 and TLS 1.1 (both Client & Server).
Displays Results
- Shows success or failure for each registry change.
Handles Reboots (Optional)
- If changes were applied, a prompt asks whether to restart the machine.
- Restart is required for changes to take effect.
Expected Output Example
Upon successful execution, you’ll see output similar to:
TLS 1.0 and TLS 1.1 Disablement Script
=======================================
Targeting remote server: MyServer01
Modifying registry settings...
[Success] SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
[Success] SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
[Success] SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
[Success] SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Registry modification complete.
NOTE: Changes to TLS settings require a system restart to take effect.
Do you want to restart the computer now? (Y/N)
Important Notes
- A system reboot is required for changes to take effect.
- The script does not modify TLS 1.2 or TLS 1.3 settings.
- Remote execution may require WinRM access and proper credentials.
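To confirm the change on each poller, the read-only audit below reads the same four SCHANNEL keys shown in the expected output and reports whether Enabled is 0. It is an added example, not part of Disable-LegacyTLS.ps1; the function name Get-LegacyTlsState is hypothetical, and remote checks assume WinRM access with suitable credentials.

```powershell
# Added example: read-only audit of the registry values described in this article.
# Get-LegacyTlsState is a hypothetical name; it changes nothing on the target.
function Get-LegacyTlsState {
    [CmdletBinding()]
    param(
        # One or more machines to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Script block so the same logic runs locally or through WinRM.
    $check = {
        $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
        foreach ($protocol in 'TLS 1.0', 'TLS 1.1') {
            foreach ($role in 'Server', 'Client') {
                $path = Join-Path $base "$protocol\$role"
                $enabled = $null
                if (Test-Path -LiteralPath $path) {
                    # A missing value leaves $enabled as $null.
                    $enabled = (Get-ItemProperty -LiteralPath $path -Name Enabled `
                        -ErrorAction SilentlyContinue).Enabled
                }
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Protocol = $protocol
                    Role     = $role
                    # 'NotSet' means the key or value is absent and the OS default applies.
                    Enabled  = if ($null -eq $enabled) { 'NotSet' } else { $enabled }
                    Disabled = ($enabled -eq 0)
                }
            }
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME -or $computer -eq 'localhost') {
            & $check
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $check
        }
    }
}

# Any row with Disabled = False still needs the change applied.
Get-LegacyTlsState | Format-Table -AutoSize
```

The audit reports the configured registry state only; as noted above, the setting takes effect after a restart.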
That's It! 
With Disable-LegacyTLS.ps1, you can quickly enforce modern TLS security standards without manual effort.