PowerShell Script Disable SMBv1
Server Message Block (SMB) is a network file sharing protocol that allows applications and users to read and write to files and request services from server programs in a computer network. SMB Version 1 (SMBv1) is the original version of this protocol and has been around since the 1980s. Here’s a detailed overview of SMBv1, including its history, features, and security concerns.
History and Evolution
- Introduction: SMBv1 was originally developed by IBM and has been adopted and extended by Microsoft. It became a standard protocol for network file sharing on Windows systems.
- Subsequent Versions: Over time, SMB has evolved with SMBv2 and SMBv3 being introduced to address the limitations and security issues of SMBv1. These newer versions offer better performance, more features, and enhanced security.
Features of SMBv1
- File and Printer Sharing: Allows users to share files and printers over a network, making resources accessible across different devices.
- Network Browsing: Supports network browsing capabilities, enabling users to see available shared resources on the network.
- Interoperability: Facilitates communication between different operating systems, such as between Windows and Unix/Linux systems, using implementations like Samba.
Security Concerns with SMBv1
- Vulnerabilities: SMBv1 has several well-known vulnerabilities that have been exploited by malware, most notably the WannaCry ransomware attack in 2017.
- Lack of Encryption: SMBv1 does not support encryption, making it susceptible to man-in-the-middle attacks where data can be intercepted and tampered with.
- Legacy Protocol: As an older protocol, SMBv1 lacks many of the security features and performance improvements found in later versions (SMBv2 and SMBv3).
Disabling SMBv1
Due to its security risks, it is highly recommended to disable SMBv1 on systems where it is not absolutely necessary. Here’s how to disable SMBv1 on a Windows machine:
PowerShell Script Disable SMBv1 and Verify / NoReboot
# Disable SMBv1 on a remote computer and report the state before and after
# See below for other versions
# SMBv1 can be exploited, so this script is used to turn it off
# -NoRestart is set, so the system will need a reboot at some point
# To re-enable: Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$SystemSMB = Read-Host "Enter Server Name"
Invoke-Command -ComputerName $SystemSMB -ScriptBlock {
    $Array1 = @()
    # SMB v1 (client and server) Detect
    $InstallState1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object -ExpandProperty State
    $Array1 += "`n`n$Env:Computername - SMBv1 - $InstallState1`n`n"
    # SMB v1 (client and server) Disable
    # The result is captured in $Doit so it does not end up in the returned report
    $Doit = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    # Read the state again to verify the change
    $InstallState2 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object -ExpandProperty State
    $Array1 += "`n`n$Env:Computername - SMBv1 - $InstallState2`n`n"
    Return $Array1
}
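The script above changes one machine at a time. The following read-only audit is an added example, not part of the original script: it reports the SMBv1 state across several hosts, including machines where the disable is still waiting on the reboot that -NoRestart deferred. The host names are constructed placeholders, and it assumes PowerShell remoting is enabled and that the targets run Windows 8 / Server 2012 or later, where Get-SmbServerConfiguration is available.

```powershell
# Added example: read-only SMBv1 audit across several hosts.
# Host names are constructed placeholders; replace them with your own.
$Computers = 'SERVER01', 'SERVER02'

$Results = foreach ($Computer in $Computers) {
    try {
        Invoke-Command -ComputerName $Computer -ErrorAction Stop -ScriptBlock {
            # Optional feature state, e.g. Enabled, Disabled or DisablePending
            # (DisablePending = disabled with -NoRestart, reboot not done yet)
            $Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
            $State   = [string]$Feature.State

            # Server-side SMBv1 switch, reported separately from the feature
            $Server = Get-SmbServerConfiguration

            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                FeatureState  = $State
                ServerSMB1    = $Server.EnableSMB1Protocol
                RebootPending = ($State -like '*Pending')
                Error         = $null
            }
        }
    }
    catch {
        # Unreachable host or remoting failure: record it instead of skipping it
        [pscustomobject]@{
            Computer      = $Computer
            FeatureState  = 'Unknown'
            ServerSMB1    = $null
            RebootPending = $null
            Error         = $_.Exception.Message
        }
    }
}

# Full report
$Results | Sort-Object Computer |
    Format-Table Computer, FeatureState, ServerSMB1, RebootPending, Error -AutoSize

# Hosts that still need attention: SMBv1 present, reboot outstanding, or unknown
$Results | Where-Object { $_.FeatureState -ne 'Disabled' } |
    Select-Object -ExpandProperty Computer
```

A host only counts as done once FeatureState reads Disabled; DisablePending means the change has been staged but SMBv1 remains available until the machine restarts.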