Forum Discussion
Disable SMBv1
Hello, I'm in the process of disabling SMBv1 for large scale servers. I made a script for this, and this results that SMBv1 on registry and feature level is almost disabled or does not exist everywh...
Hello,
It would depends on what you did through your script. Did you disable SMB1 server side first then uninstall the feature after that ? Something else ? Did you restart target computers ?
On a brand new WS 2019/2022, EnableSMB1Protocol is set to "$false" and Windows Optional feature is set to "Disabled".
It would depends on what you did through your script. Did you disable SMB1 server side first then uninstall the feature after that ? Something else ? Did you restart target computers ?
On a brand new WS 2019/2022, EnableSMB1Protocol is set to "$false" and Windows Optional feature is set to "Disabled".
Thanks for your reply.
No, I haven't done anything yet. I have been asked to investigate where SMBv1 is still enabled.
And my script only checked where SMBv1 is still enabled on server level.
The check actually does 3 steps:
1. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
2. Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
3. Get-SmbServerConfiguration | Select EnableSMB1Protocol
This showed that based on the last step, SMBv1 is still set to True.
Based on the first 2 steps, SMBv1 is disabled.
So my question is, are the first 2 steps sufficient to disable SMBv1, apart from the fact that I can disable it with the command below. Or should the latter also be set to false, and is SMBv1 still in use if the first 2 steps are off except for the last 1?
Set-SmbServerConfiguration -EnableSMB1Protocol $false
I don't understand what the difference is between the first 2 steps and the last step?
No, I haven't done anything yet. I have been asked to investigate where SMBv1 is still enabled.
And my script only checked where SMBv1 is still enabled on server level.
The check actually does 3 steps:
1. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
2. Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
3. Get-SmbServerConfiguration | Select EnableSMB1Protocol
This showed that based on the last step, SMBv1 is still set to True.
Based on the first 2 steps, SMBv1 is disabled.
So my question is, are the first 2 steps sufficient to disable SMBv1, apart from the fact that I can disable it with the command below. Or should the latter also be set to false, and is SMBv1 still in use if the first 2 steps are off except for the last 1?
Set-SmbServerConfiguration -EnableSMB1Protocol $false
I don't understand what the difference is between the first 2 steps and the last step?