How to disable SMBv1

ransomware

Following on from the ransomware attacks of the last few days, you should have by now patched all your servers and clients using the Windows Update that relates to your operating system (see list and download links at the end of this post).

If you want more security around this then you should also disable the SMBv1 where possible. Just keep in mind that older systems and things like network scanners will use it.



To disable it, see below an extract from Microsoft on how to do it:

Windows 8 and Windows Server 2012

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

ou do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

  • To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
    Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
  • To disable SMBv1 on the SMB server, run the following cmdlet:
    Set-SmbServerConfiguration -EnableSMB1Protocol $false
  • To enable SMBv1 on the SMB server, run the following cmdlet:
    Set-SmbServerConfiguration -EnableSMB1Protocol $true

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

  • To disable SMBv1 on the SMB server, run the following cmdlet:
    Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters” SMB1 -Type DWORD -Value 0 -Force
  • To enable SMBv1 on the SMB server, run the following cmdlet:
    Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters” SMB1 -Type DWORD -Value 1 -Force
To continue reading, please click the next page below….



Leave us a message...