JimWolff/bpp_2017-06-19.ictpl

## bpp_2017-06-19.ictpl
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
  <header>
    <name>BestPracticePlus_2017-09-19</name>
    <author>Jim Wolff</author>
    <lastUpdated>2017-06-19T06:34:51.3047731Z</lastUpdated>
    <description>Follows best practise, but also removed weak ciphers that might still be enabled.</description>
    <builtIn>false</builtIn>
  </header>
  <schannel setClientProtocols="true">
    <clientProtocols>
      <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
      <schannelItem name="PCT 1.0" state="Disabled" />
      <schannelItem name="SSL 2.0" state="Disabled" />
      <schannelItem name="SSL 3.0" state="Disabled" />
      <schannelItem name="TLS 1.0" state="Enabled" />
      <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
      <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
    </clientProtocols>
    <serverProtocols>
      <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
      <schannelItem name="PCT 1.0" state="Disabled" />
      <schannelItem name="SSL 2.0" state="Disabled" />
      <schannelItem name="SSL 3.0" state="Disabled" />
      <schannelItem name="TLS 1.0" state="Enabled" />
      <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
      <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
    </serverProtocols>
    <ciphers>
      <schannelItem name="NULL" state="Disabled" />
      <schannelItem name="DES 56/56" state="Disabled" />
      <schannelItem name="RC2 40/128" state="Disabled" />
      <schannelItem name="RC2 56/128" state="Disabled" />
      <schannelItem name="RC2 128/128" state="Disabled" />
      <schannelItem name="RC4 40/128" state="Disabled" />
      <schannelItem name="RC4 56/128" state="Disabled" />
      <schannelItem name="RC4 64/128" state="Disabled" />
      <schannelItem name="RC4 128/128" state="Disabled" />
      <schannelItem name="Triple DES 168" state="Enabled" />
      <schannelItem name="AES 128/128" state="Enabled" />
      <schannelItem name="AES 256/256" state="Enabled" />
    </ciphers>
    <hashes>
      <schannelItem name="MD5" state="Enabled" />
      <schannelItem name="SHA" state="Enabled" />
      <schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
      <schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
      <schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
    </hashes>
    <keyExchanges>
      <schannelItem name="Diffie-Hellman" state="Enabled" />
      <schannelItem name="PKCS" state="Enabled" />
      <schannelItem name="ECDH" state="Enabled" />
    </keyExchanges>
  </schannel>
  <cipherSuites>
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384" state="Enabled" />
    <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
    <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
    <cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
    <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
    <cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
    <cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
  </cipherSuites>
</iisCryptoTemplate>
	<?xml version="1.0" encoding="utf-16"?>
	<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
	<header>
	<name>BestPracticePlus_2017-09-19</name>
	<author>Jim Wolff</author>
	<lastUpdated>2017-06-19T06:34:51.3047731Z</lastUpdated>
	<description>Follows best practise, but also removed weak ciphers that might still be enabled.</description>
	<builtIn>false</builtIn>
	</header>
	<schannel setClientProtocols="true">
	<clientProtocols>
	<schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
	<schannelItem name="PCT 1.0" state="Disabled" />
	<schannelItem name="SSL 2.0" state="Disabled" />
	<schannelItem name="SSL 3.0" state="Disabled" />
	<schannelItem name="TLS 1.0" state="Enabled" />
	<schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
	<schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
	</clientProtocols>
	<serverProtocols>
	<schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
	<schannelItem name="PCT 1.0" state="Disabled" />
	<schannelItem name="SSL 2.0" state="Disabled" />
	<schannelItem name="SSL 3.0" state="Disabled" />
	<schannelItem name="TLS 1.0" state="Enabled" />
	<schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
	<schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
	</serverProtocols>
	<ciphers>
	<schannelItem name="NULL" state="Disabled" />
	<schannelItem name="DES 56/56" state="Disabled" />
	<schannelItem name="RC2 40/128" state="Disabled" />
	<schannelItem name="RC2 56/128" state="Disabled" />
	<schannelItem name="RC2 128/128" state="Disabled" />
	<schannelItem name="RC4 40/128" state="Disabled" />
	<schannelItem name="RC4 56/128" state="Disabled" />
	<schannelItem name="RC4 64/128" state="Disabled" />
	<schannelItem name="RC4 128/128" state="Disabled" />
	<schannelItem name="Triple DES 168" state="Enabled" />
	<schannelItem name="AES 128/128" state="Enabled" />
	<schannelItem name="AES 256/256" state="Enabled" />
	</ciphers>
	<hashes>
	<schannelItem name="MD5" state="Enabled" />
	<schannelItem name="SHA" state="Enabled" />
	<schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
	<schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
	<schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
	</hashes>
	<keyExchanges>
	<schannelItem name="Diffie-Hellman" state="Enabled" />
	<schannelItem name="PKCS" state="Enabled" />
	<schannelItem name="ECDH" state="Enabled" />
	</keyExchanges>
	</schannel>
	<cipherSuites>
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384" state="Enabled" />
	<cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
	<cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
	<cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
	<cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
	<cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
	<cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
	</cipherSuites>
	</iisCryptoTemplate>