First published on TECHNET on Dec 20, 2018
Recently I performed a RaaS with a customer and it provided a new recommendation that I thought would be great to pass along to you.
Disable SMB1 on your server.
This is an amazing suggestion: newer versions of the protocol can do the work for you, and the mess caused by the WannaCrypt ransomware has made it obvious that we should clean up these older protocols. In case you can't remember, SMB, or Server Message Block, is a network file sharing protocol meant for sharing files, printers, etc., between computers. There are three versions: Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3).
Follow these steps to disable the protocol on a per-server basis.
For Windows 7, Windows 2008, and Windows 2008 R2 via PowerShell (this requires a reboot of the server):
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
For Windows 8.1 and Windows 10 via PowerShell:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
For Windows 2012 R2 and Windows 2016 via PowerShell:
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
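To confirm the result before and after the change, here is an added example (not part of the original post) that reports SMB1 state through the same registry value and optional feature the commands above modify, plus the running SMB server configuration where that cmdlet exists. The function name Get-Smb1State is hypothetical; the script only reads settings and should be run from an elevated prompt.

```powershell
# Added example: read-only report of SMB1 state. Changes nothing.
function Get-Smb1State {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Registry method (Windows 7 / 2008 / 2008 R2). When the SMB1 value is
    # absent the server uses its default, which is enabled, so "not set"
    # must not be read as "disabled".
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $reg)      { $regState = 'NotSet (default: enabled)' }
    elseif ($reg.SMB1 -eq 0) { $regState = 'Disabled' }
    else                     { $regState = 'Enabled' }

    # Optional-feature method (Windows 8.1 / 10 / 2012 R2 / 2016).
    $featState = 'CmdletNotAvailable'
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            $featState = [string]$feat.State
        } catch {
            # Typically a non-elevated session or a feature name unknown to this OS.
            $featState = "QueryFailed: $($_.Exception.Message)"
        }
    }

    # What the SMB server is configured to accept, where the cmdlet exists.
    $liveState = 'CmdletNotAvailable'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $liveState = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        RegistrySMB1       = $regState
        OptionalFeature    = $featState
        EnableSMB1Protocol = $liveState
    }
}

Get-Smb1State | Format-List
```

On the older systems that use the registry method, the new value is only honoured after the reboot mentioned above, so a "Disabled" registry result there means configured, not yet necessarily in effect.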
For more info check this article