+1 to this- IISCrypto is a great tool to make this easier, and bonus: it's
available from chocolatey, thus easy to deal with from Ansible...
On Monday, July 18, 2016 at 1:07:18 AM UTC-7, Mike Fennemore wrote:
>
> I'm assuming for the security hardening you would be disabling multiple
> ciphers and protocols etc. A suggestion would be to use IISCrypto to
> configure the ciphers as required. Then export the relevant keys and use
> the win_regedit to import the exported reg.
>
> On Monday, July 11, 2016 at 10:11:59 PM UTC+2, Matt Betts wrote:
>>
>> Hi, I'm trying to create a playbook that I can use to bring a windows
>> server up to the latest secure hardening standards and I'm stuck with
>> configuring Ciphers. An example is as follows:
>>
>> ansible {HOST} -m win_regedit -a
>> "key='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2
>>
>> 128/128' value=Enabled data=00000000 datatype=dword state=present" -vvv
>>
>> As you can see the Key name is "RC2 128/128" and the issue I'm
>> encountering is Powershell interprets the / as a new key, irrespective of
>> the direction.
>>
>> Has anyone managed to create a playbook to do this? I've got some
>> alternatives (merging a registry file etc) but they aren't as clean. From
>> the research I've done it looks like i'm going to need to user the
>> powershell CreateSubKey function.
>>
>> Thanks,
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/98dc2c03-f6cd-41b5-a34f-9435c7ecbf6d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
