Showing posts with label what is smbv1. Show all posts
Showing posts with label what is smbv1. Show all posts

Wednesday 22 March 2017

Disable SMBv1 on multiple computers using PowerShell

Or, Easiest way to disable SMBv1 on multiple computers
Or, Disabling SMB V1 on multiple computers with windows PowerShell
Or, Steps for disabling SMB V1

Descriptions: Recently US-CERT has reported vulnerability with “Microsoft SMBv1”. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010 and apply the update. In this article, we will see how to disable SMB V1.0 from various operating systems.

Vulnerability Details: Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

What is SMB/SMB 1.0? SMB stands for “Server Message Block”. It is a legacy file and print sharing protocol. SMB 1.0 is a vulnerable and Microsoft has deprecated it. It has server as well as client components, so when you are thinking to disable the SMB 1.0 protocol, you should do it for both platforms (client and server).

Environment Details: You have multi-OS infrastructure and want to disable SMB 1.0 on all of them. In my case, I have following Operating Systems Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows Server 2008 R2, Windows 10, and Windows 7.
I have copied all the relevant computer name in a text file and want to disable SMB 1.0 on all servers/computers that are listed in this txt file.
I have segregated the PowerShell commands in two sections (Client Side SMB and Server Side SMB) with supported cmdlets. You can choose and run whichever is suitable for your environment.

Precaution: You should test and understand the commands in your test environment first and run in the production if satisfied with the result thereafter.

Steps: Disabling SMB V 1.0 on various operating systems.

Open Windows PowerShell ISE (Run as Administrator) > Prepare for the below PowerShell commands











The text version of above commands are given below:

=========================================================================
DISABLE SERVER SIDE SMB V1 PROTOCOL
=========================================================================

# Disable SMB V1 - Windows Server 2012 R2, Windows 10 and Windows 8.1
$ComputersList = Get-Content -Path "D:\temp\testservers.txt"
Invoke-Command -ComputerName $ComputersList {Remove-WindowsFeature FS-SMB1 -NoRestart}

# Disable SMB V1 - Windows 8 and Windows Server 2012
$ComputersList = Get-Content -Path "D:\temp\testservers.txt"
Invoke-Command -ComputerName $ComputersList {Set-SmbServerConfiguration -EnableSMB1Protocol $false}

# Disable SMB V1 - Windows Server 2008, Windows Server R2, Windows 7 and Windows Vista
$ComputersList = Get-Content -Path "D:\temp\testservers.txt"
Invoke-Command -ComputerName $ComputersList {Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force}


=========================================================================
DISABLE CLIENT SIDE SMB V1 PROTOCOL
=========================================================================

# Disable SMB V1 - Windows Server 2012 R2, Windows 10 and Windows 8.1
$ComputersList = Get-Content -Path "D:\temp\testservers.txt"
Invoke-Command -ComputerName $ComputersList {Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart}

# Disable SMB V1 - Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
$ComputersList = Get-Content -Path "D:\temp\testservers.txt"
Invoke-Command -ComputerName $ComputersList {sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi}
Invoke-Command -ComputerName $ComputersList {sc.exe config mrxsmb10 start= disabled}

Updated: 25/03/2017
IMP Note: 
1. Please replace the computer list input path with the one you are having in your environment.
2. Please replace "Remove-WindowsFeature FS-SMB1 -NoRestart" with "Uninstall-WindowsFeature -Name 'FS-SMB1'" in case the first command failed.


IMP References: If you want to know more about SMB V 1.0 and related information, you must check below KBs.






Cheers, Please write me back if you have any query of feedback on this.