IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019. It also lets you reorder SSL/TLS cipher suites offered by IIS, change advanced settings, implement Best Practices with a single click, create custom templates and test your website.
Share your videos with friends, family, and the world. Encrypto lets you encrypt files before sending them to friends or coworkers. Drop a file into Encrypto, set a password, and then send it with added security. If this package isn't up. Names, email addresses, and phone numbers are NOT saved in the e-sign template. Signer roles are saved (roles are autogenerated for signers without a role). Encrypto is a Stage 3 Cupiditas-Ware corrupted Aurum-Gram. He is notorious for being quite a jerk and thirsty for blood and power. However, he wasn't always like this. Encrypto has a Cape-Like thing and wears the crown of Princess Miranda.
- Single click to secure your website using Best Practices
- Backup the registry before making any updates
- Change advanced registry settings
- Built in Best Practices, PCI 3.2, Strict and FIPS 140-2 templates
- Create custom templates that can be saved and run on multiple servers
- Revert back to the original server's default settings
- Stop DROWN, logjam, FREAK, POODLE and BEAST attacks
- Enable TLS 1.1 and 1.2
- Enable forward secrecy
- Reorder cipher suites
- Disable weak protocols and ciphers such as SSL 2.0, 3.0, MD5 and 3DES
- Site Scanner to test your configuration
- Command line version
What Does IIS Crypto Do?
IIS Crypto updates the registry using the same settings from this article by Microsoft. It also updates the cipher suite order in the same way that the Group Policy Editor (gpedit.msc) does. Additionally IIS Crypto lets your create custom templates that can be saved for use on multiple servers. The command line version contains the same built-in templates as the GUI version and can also be used with your own custom templates. IIS Crypto has been tested on Windows Server 2008, 2008 R2 and 2012, 2012 R2, 2016 and 2019.
IIS Crypto requires administrator privileges. If you are running under a non-administrator account, the GUI version will prompt for elevated permissions. The command line version must be run from a command line that already has elevated permissions.
Downloads
IIS Crypto is offered in both a GUI and a command line version. Click here to choose your version and download.
Custom Templates
IIS Crypto allows you to create your own custom templates which can be saved and then executed on multiple servers. To create your own template, select all of the settings for your configuration. Click on the Templates button and give your template a name, author and description if desired. Then click on the Save button to save your template to disk. Copy your template to another server, run IIS Crypto and click on the Open button to load your template. You can also use it from the command line version of IIS Crypto.
The template format has been simplified in IIS Crypto 3.0. Old templates are automatically upgraded when loaded, however, if you save a new template it will only open in IIS Crypto 3.0 and later.
Load the Best Practices template before you start customizing your own template to ensure your template is setup securely. If your template is in the same folder as IIS Crypto it will show up automatically in the drop down box without having to click the Open button first.
Command Line Help
The following are the switches for the command line version of IIS Crypto. All parameters are optional.
Switch | Option | Description |
---|---|---|
/backup | <filename> | Specify a file to backup the current registry settings too. |
/template | default | This template restores the server to the default settings. |
best | This template sets your server to use the best practices for TLS. It aims to be compatible with as many browsers as possible while disabling weak protocols and cipher suites. | |
pci32 | This template is used to make your server PCI 3.2 compliant. It will disable TLS 1.0 and 1.1 which may break client connections to your website. Please make sure that RDP will continue to function as Windows 2008 R2 requires an update. See our FAQ for more information. | |
strict | This template sets your server to use the strictest settings possible. It will disable TLS 1.0 and 1.1 and all non forward secrecy cipher suites which may break client connections to your website. Please make sure that RDP will continue to function as Windows 2008 R2 requires an update. See our FAQ for more information. | |
fips140 | This template makes your server FIPS 140-2 compliant. It is similar to the Best Practices template, however, it is not as secure as Best Practices because some of the weaker cipher suites are enabled. | |
<filename> | Specify the filename of a template to use. | |
/reboot | Reboot the server after a template is applied. | |
/help|? | Show the help screen. |
Here is an example that backs up the registry to a file named backup.reg, applies a custom template named MyServers.ictpl and reboots the server:
Support
Please take a look at our FAQ. If you have any other questions, feel free to contact us.
Test Your Site
In order to test your site after you have applied your changes, click the Site Scanner button, enter in the URL and click the Scan button. You can also scan online from here:
Additional Information
Here are some additional resources you may find useful:
- Default cipher suite order for all Windows Server versions
- List of all cipher suites supported in each version of Windows
- Additional cipher suites supported in Windows Server 2008 R2 and above with updates applied
- SSL/TLS Best Practices
- DROWN attack
- logjam information
- POODLE information
- FREAK information
- Updated BEAST information
Introducing the limited edition Vanguard Encrypto
Encrypto For Windows
The Vanguard Encrypto also called “the world’s first functional Bitcoin watch” is our newly launched limited edition.
The Vanguard Encrypto was launched in partnership with cryptocurrency trading platform Regal Assets and bears a Bitcoin logo and a QR code of Bitcoin’s genesis block.
The dial effectively includes a laser-etched QR code for a public wallet address that can be used to deposit Bitcoins and check the balance of the account. To allow this secure process a sealed USB stick is included with the watch to store the private key.
How does this work?
Bitcoin wallets are made up of two parts, a public address and a private address, most people are used to having both addresses in the same electronic device, however experienced early bitcoin adopters use a different method.
The Vanguard Encrypto uses offline generated, non-deterministic TRNGs (True Random Numbers Generated) paper wallet style storage. As mentioned this method for storing bitcoin is quite popular among long term bitcoin holders and early adopters due to its massive security advantage and peace of mind. However rather than relying on slips of papers, users can just scan their dial.
Each timepiece comes as two piece “Deep Cold Storage” set. Users can add their Bitcoin to their wallet or check their balance directly through the dial. The watch’s QR code and cold storage systems were designed in partnership with Regal Assets, a renowned crypto investment company with offices in the US, Canada, the UK and the UAE. Regal Assets made headlines in 2017 by being the first company to receive a government issued license to trade cryptos in its deep cold storage vault, as covered by Bloomberg.
n','url':'https://youtu.be/3d0_xoBKOvs','width':854,'height':480,'providerName':'YouTube','thumbnailUrl':'https://i.ytimg.com/vi/3d0_xoBKOvs/hqdefault.jpg','resolvedBy':'youtube'}'>'>
The Collection
The Vanguard Encrypto is available in Stainless Steel, Rose Gold, Titanium and Carbon. It comes with a hand sewn alligator strap with rubber on the other side of the folding buckle. Functions include hours, minutes, seconds and date at 6 o’clock. The Encrypto, is tastefully designed using the QR code of SatoshiNakamoto’s Genesis Blockaddress, with striking and distinct numerals which complements and blends with the bitcoin logo.
True to our objectives, the Encrypto successfully combined technical innovation, revolutionary design and craftsmanship that represents the finest quality in the Swiss watchmaking industry allowing the wearer of the timepiece to have never before experienced, emotional and personal impact with his creation. While the watch serves not only its purpose of telling time but also acts as a gateway to accessing the millennial gold of this era. It is truly an impressive and remarkable creation.
For more information regarding this limited edition Vanguard line, contact : support@franckmullercrypto.com
Franck Muller Encrypto
The Encrypto can be purchased by bitcoin. For the complete line of Encrypto time pieces and other technical information, please go to www.franckmullerencrypto.com