Since the WannaCry and Petya ransomware spread through Windows systems in 2017, it’s recommended to have Server Message Block (SMB) version 1 disabled on Windows clients and Windows Server. SMBv1 is no longer installed by default in Windows 10 1709 and Windows Server, version 1709 and later, but how can you be sure it is disabled in older versions of Windows? Easy: PowerShell.

Sometimes you want the reassurance that you did something right in the past. Suppose you want to test whether Windows versions older than Windows 10 and Windows Server 2016 have SMBv1 disabled. You can use PowerShell to verify that the following registry value is not present or is set to 0:

HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1

In PowerShell, you can get all your computers and servers in your Active Directory Domain using Get-ADComputer, and you can query that list with Invoke-Command to verify SMBv1 is disabled.

For example:

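# Requires the ActiveDirectory module (RSAT) and PowerShell remoting on the target servers
Import-Module ActiveDirectory

# All enabled computer accounts that run a Windows Server operating system
Get-ADComputer -Filter {(enabled -eq $True) -and (OperatingSystem -Like "Windows Server*")} | ForEach-Object {
	# Read the SMB1 registry value on each server; only an explicit value of 1 is reported
	Invoke-Command -ComputerName $_.DNSHostName -ScriptBlock {
		If ( (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters").SMB1 -eq 1 ) {
			Write-Output "SMBv1 is enabled on ${env:computername}"
		}
	}
}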

This is one of those ways to increase Windows Server security in your environment. You may find more information in Microsoft’s Support article “How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server”.
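For an audit trail, the same check can return one record per server instead of printing only the hits. The following is an added example, not code from the original post: it reports a missing SMB1 value separately from an explicit 0 (a missing value leaves the OS default in effect, so it is worth reviewing on its own) and marks servers that could not be queried. The variable names and the state labels (NotSet, Disabled, Enabled, Unreachable) are assumptions made for this example.

```powershell
# Added example: per-server inventory of the SMB1 registry value.
# Assumes the ActiveDirectory module (RSAT) and PowerShell remoting to each server.
Import-Module ActiveDirectory

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Same selection as the post: enabled computer accounts running Windows Server.
$servers = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "Windows Server*"' -Properties OperatingSystem

$report = foreach ($server in $servers) {
    $value = $null
    try {
        # Returns the DWORD, or nothing when the SMB1 value does not exist.
        $value = Invoke-Command -ComputerName $server.DNSHostName -ErrorAction Stop -ScriptBlock {
            (Get-ItemProperty -Path $using:key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        }
        # State labels are this example's own naming.
        $state = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'Disabled' } else { 'Enabled' }
    }
    catch {
        # Server offline, WinRM not configured, or access denied: not the same as "disabled".
        $state = 'Unreachable'
    }

    [pscustomobject]@{
        ComputerName    = $server.DNSHostName
        OperatingSystem = $server.OperatingSystem
        SMB1Value       = $value
        State           = $state
    }
}

# Everything that is not explicitly disabled needs a follow-up.
$report | Where-Object State -ne 'Disabled' | Sort-Object State, ComputerName | Format-Table -AutoSize
```

Pipe `$report` to `Export-Csv` instead of `Format-Table` to keep the result as evidence for a later review.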
