Why does IIS Crypto set the Protocols Enabled value to 0xffffffff?
Originally IIS Crypto set the Protocols Enabled values to 0 or 1. However, we got a lot feedback that it broke some older software. Microsoft's own documentation states using 0xffffffff is the correct value:
However, Microsoft created a new document that contradicts the original one:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
Lately we have been getting feedback that 0xffffffff does not work with some other software. Specifically some versions of Active Directory, Exchange Server and Outlook Web Access expect Enabled set to 1. A new Override Enabled checkbox has been added to the Advanced tab. When checked and a Protocol is enabled, the value will be set to 1 instead of 0xffffffff.
New templates for overriding both the GUI and CLI versions are here: