Skip to content
Rorymon Logo
  • Blogroll
  • About
  • Contact
Menu
  • Blogroll
  • About
  • Contact
Twitter Linkedin Rss
  • All Articles
  • Applications
    • App Compatibility
    • App Deployment
    • App Virtualization
      • App-V
        • Decision Matrix
        • App-V 4.x Recipes
        • App-V 5.x Recipes
        • App-V Videos
      • AppSense StrataApps
      • Cameyo
      • Evalaze
      • Frame
      • Numecent CloudPaging
      • P-Apps
      • ThinApp
      • Turbo
      • Workspace Streaming
      • XenApp Profiling
    • Containers
    • Layering
      • App Volumes
      • Citrix App Layering
      • FlexApp
      • Unidesk
  • Citrix
    • AppDNA
    • Citrix App Layering
    • Citrix Monitoring
    • Citrix Profiling
    • Citrix XenApp
  • Microsoft
    • ACT
    • Azure
    • BitLocker
    • Hyper-V
    • inTune
    • MDOP
      • AGPM
      • APP-V
      • DaRT
      • MBAM
      • MED-V
    • RDS
    • System Center
      • SCCM
      • SCOM
    • WDS
    • Windows
      • Windows 7
      • Windows 8
      • Windows 10
      • Windows Server 2012
  • VMware
    • App Volumes
    • ThinApp
  • Downloads
  • Podcast

Using App-V for Legacy TLS

  • Rory Monaghan
  • May 26, 2018

This post is titled ‘Using App-V for Legacy TLS’ but could be applied for various different Internet Explorer settings. I picked TLS because I was speaking with a former colleague who was approached by his management about needing to disable legacy versions of TLS right away, he was concerned that various web apps required it and they didn’t have any workaround for those to continue to function.

One of the brightest App-V MVPs, Dan Gough posted about the ability to override GPO with App-V 5.1. Many aren’t aware of the fact you can do this! In fact, you can even do this with some versions of 4.x too. I’m not interested in lifting from Dan’s blogpost but you will want to follow his post to allow any settings in your App-V package to take precedence over what’s set via Group Policy.

As this is a setting on the client side, this will take effect globally so keep that in mind for future apps.

Well with 5.2 based systems (Win10/2016) we now can include policies in the #AppV package and have them override GPO deployed natively.

— Timothy Mangan (@TimothyMangan) May 30, 2018

Updated: As pointed out by Tim. I am referring to Group Policy Preferences here. I was too vague at the top when stating various different IE settings.

In this example, let’s say we have a web app that requires TLS 1.1. My security baseline group policy which contains my IE preferences only enables 1.2. My web app requires 1.1, I could silo the app off to a separate RDSH farm and set the TLS 1.1 via GPO for that OU but it’s a bloated expensive solution and one which is still very insecure.

Instead, I’m just going to spin up my App-V Sequencer VM which is not domain joined is running Windows 7 and has Internet Explorer 11 on it. Before sequencing, I launch Internet Explorer 11 and ensure the TLS 1.1 is NOT ENABLED.

Now during sequencing all I need to do during the sequencing is install whatever other components are required e.g. maybe a legacy version of Java is needed or if nothing else is required, I launch IE and just enable the TLS 1.1 setting. In the package I create a shortcut launching Internet Explorer with my URL as an argument\parameter.

Once deployed, I now have a shortcut that when launched opens IE to the site which requires TLS 1.1 and it has the TLS 1.1 setting. Now, if I just go to my local IE 11 on my server or desktop, I’ll see my security baseline is still in effect and so TLS 1.1 is not enabled here.

I, of course suggest you use this sparingly and only as a workaround whilst getting your vendors to update their crapplication to use the more secure latest version.

Robert Hickerson

App-V TLS,How to set TLS 1.1 Per Site,Setting TLS Per Site,Using App-V to Override GPO
PrevPreviousEpisode 21 – GDPR Goes Live, VPNFilter Malware, VMware Okta Partnership & More
NextEpisode 22 – VMware Horizon 7.5, XenServer 7.5, GDPR Results & MoreNext
Rory Monaghan

Rory Monaghan

Microsoft MVP. Citrix CTP. VMware EUC Champion & vExpert.
Twitter Linkedin Rss Vimeo Youtube Soundcloud

Speaker Sessions

I'm not speaking at any events at the moment.

Get the App-V Decison Matrix and Interactive Tool.

See what the right deployment option for your applications is.
Let's Go!
FREE TOOL
Further Reading

Windows 10 Migration Checklist

We'll virtualise your 5 most complex apps for FREE
Learn More

Let's make virtualization EASIER!

Be amongst the first to know when I publish new reviews, guides and tools to simplify your virtualization projects.

Categories
  • All Articles
  • Application Compatibility
  • Application Virtualization
  • Containers
  • Citrix XenApp
  • Application Layering
Connect
  • Blogroll
  • About
  • Contact
Twitter Linkedin Rss Vimeo Youtube Soundcloud

© Copyright Rorymon.com. All rights reserved 2022.

Privacy   |   Cookies
Marketing Services by Riabro.