Nartac Software – IIS Crypto
Posted by jpluimers on 2025/03/26
Not just for IIS, but for hardening any Windows system including ones running http.sys (like ADFS): [Wayback/Archive] Nartac Software – IIS Crypto
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016, 2019 and 2022. It also lets you reorder SSL/TLS cipher suites offered by IIS, change advanced settings, implement Best Practices with a single click, create custom templates and test your website.
…
IIS Crypto updates the registry using the same settings from this article by Microsoft. It also updates the cipher suite order in the same way that the Group Policy Editor (gpedit.msc) does. Additionally IIS Crypto lets you create custom templates that can be saved for use on multiple servers. The command line version contains the same built-in templates as the GUI version and can also be used with your own custom templates. IIS Crypto has been tested on Windows Server 2008, 2008 R2 and 2012, 2012 R2, 2016, 2019 and 2022.
IIS Crypto requires administrator privileges. If you are running under a non-administrator account, the GUI version will prompt for elevated permissions. The command line version must be run from a command line that already has elevated permissions.
FAQ: [Wayback/Archive] Nartac Software – FAQ
Download:
- [Wayback/Archive] Nartac Software – Download
- [Wayback] www.nartac.com/Downloads/IISCrypto/IISCrypto.exe
- [Wayback] www.nartac.com/Downloads/IISCrypto/IISCryptoCli.exe
Based on: [Wayback/Archive] Transport Layer Security (TLS) registry settings | Microsoft Learn
Via: [WaybackSave/Archive] sysadafterdark on X: “@rickchisholm I deploy this no matter what, so I’m not sure yet.”
--jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment