# 1. Enable TLS 1.2 for the whole System (Client & Server)
$p = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
New-Item "$p\Client" -Force | Out-Null
New-ItemProperty -path "$p\Client" -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path "$p\Client" -name 'DisabledByDefault' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-Item "$p\Server" -Force | Out-Null
New-ItemProperty -path "$p\Server" -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path "$p\Server" -name 'DisabledByDefault' -value '0' -PropertyType 'DWord' -Force | Out-Null

# 2. Force .NET programs to use these new settings
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

Write-Host "SUCCESS! All keys added." -ForegroundColor Green
Write-Host "You MUST restart the server for this to work." -ForegroundColor Red