Disable SMBv1


Hello,

I'm in the process of disabling SMBv1 on a large number of servers. I made a script for this, and it shows that at the registry and feature level SMBv1 is almost everywhere disabled or not present.

However, when I run the following command, "Get-SmbServerConfiguration | Select EnableSMB1Protocol", it shows that SMBv1 is set to True. I can't really gauge if everything is really off now.


Because when I run the commands below, it's off.

  1. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  2. Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}


But when I run this command, it reports that it's on.

  1. Get-SmbServerConfiguration | Select EnableSMB1Protocol


I know how to disable this, but what exactly is the difference?

And is it really still on?

Hopefully someone can enlighten me on this?


Thanks in advance
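To make the three checks from the question comparable across a fleet, here is an added example (not code from this thread) that runs all three from one function and returns one object per host. It makes one point explicit that the separate commands hide: the registry check only means "disabled" when the SMB1 value exists and is 0; when the value is absent, the Server service applies its built-in default, and that default is what Get-SmbServerConfiguration reports. The function name, the field names and the mrxsmb10 cross-check are my own choices; run it in an elevated session.

```powershell
# Added example, not code from the thread: run the three checks discussed above
# from one function so every server reports the same object. Run elevated.
# The function name and the output field names are my own choices.

function Get-Smb1State {
    [CmdletBinding()]
    param()

    # Check 1: is the SMB1 optional feature (the binaries) still installed?
    # State is Enabled, Disabled or DisabledWithPayloadRemoved.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Check 2: the registry switch read by the Server service (LanmanServer).
    # SMB1 = 0 disables SMBv1 and SMB1 = 1 enables it. If the value is ABSENT the
    # service applies its built-in default, so "absent" must not be reported as "off".
    $params   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $regValue = (Get-ItemProperty -Path $params -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $regValue)  { $registryState = 'Absent (service default applies)' }
    elseif ($regValue -eq 0) { $registryState = 'Disabled' }
    else                     { $registryState = 'Enabled' }

    # Check 3: the live server setting, i.e. what the running service will negotiate.
    $liveEnabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol

    # Cross-check: the SMB1 client redirector driver (mrxsmb10). Start = 4 means
    # disabled; after the feature is uninstalled the service key should be gone.
    # Get-Service does not list kernel drivers, so read the registry directly.
    $driverStart = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
                    -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -eq $driverStart)  { $driverState = 'NotPresent' }
    elseif ($driverStart -eq 4)  { $driverState = 'Disabled' }
    else                         { $driverState = "Start=$driverStart" }

    # Server-side SMB1 is only reachable when the binaries are installed AND the
    # live switch is on; either one being off stops the server negotiating SMB1.
    $effective = ($featureState -eq 'Enabled') -and $liveEnabled

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        FeatureState       = $featureState
        RegistrySMB1       = $registryState
        EnableSMB1Protocol = $liveEnabled
        Smb1ClientDriver   = $driverState
        Smb1ServerActive   = $effective
    }
}

# Local run:
Get-Smb1State | Format-List

# Fleet run over WinRM, one row per host:
#   $servers = Get-Content .\servers.txt
#   Invoke-Command -ComputerName $servers -ScriptBlock ${function:Get-Smb1State} |
#       Select-Object PSComputerName, FeatureState, RegistrySMB1, EnableSMB1Protocol, Smb1ServerActive |
#       Export-Csv .\smb1-state.csv -NoTypeInformation
```

A host that reports FeatureState = Disabled together with EnableSMB1Protocol = True is the situation described in the question: the live flag still shows the default, but with the binaries removed Smb1ServerActive is False.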

8 Replies
Hello,

It would depend on what you did in your script. Did you disable SMB1 server-side first and then uninstall the feature after that? Something else? Did you restart the target computers?

On a brand new WS 2019/2022, EnableSMB1Protocol is set to "$false" and the Windows optional feature is set to "Disabled".

Thanks for your reply.

No, I haven't done anything yet. I have been asked to investigate where SMBv1 is still enabled.
And my script only checked where SMBv1 is still enabled at the server level.

The check actually does 3 steps:
1. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
2. Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
3. Get-SmbServerConfiguration | Select EnableSMB1Protocol

This showed that based on the last step, SMBv1 is still set to True.
Based on the first 2 steps, SMBv1 is disabled.

So my question is: are the first 2 steps sufficient to disable SMBv1, apart from the fact that I can disable it with the command below? Or should the latter also be set to false, and is SMBv1 still in use if the first 2 steps are off but the last one is not?
Set-SmbServerConfiguration -EnableSMB1Protocol $false

I don't understand what the difference is between the first 2 steps and the last step.

If I'm right, the last step disables the SMB1 protocol on the server side, without uninstalling the feature entirely (checked by the first step).

Unless I'm mistaken, uninstalling the feature should be enough in theory. However, you should keep such critical security settings as consistent as possible between servers. Thus I recommend both configuring "EnableSMB1Protocol" to "$false" AND uninstalling the feature.


Yes, exactly what you say; that's what I thought too.
The first 2 steps should, in my belief, be enough, but I'm going to do the last step anyway.

The only reason I'm asking this is because I want to make sure I can do the last step (Set-SmbServerConfiguration -EnableSMB1Protocol $false) without any risk.
So assuming that the first 2 steps have been performed and the feature is therefore disabled, this should mean that SMBv1 is no longer used.
So when I perform the last step, I actually want to be sure (provided that the feature is disabled) that this has no consequences, such as SMB1 still being used in one way or another, if you understand what I mean.

In that case, I would only disable the SMB1 protocol (third step) first; a rollback will only require turning it on again.
Uninstalling the Windows feature means uninstalling binaries; a rollback will require more work.

You may wish to audit your server for SMB1 usage before any change. A PowerShell one-liner is enough to do that: Set-SmbServerConfiguration -AuditSmb1Access $true

Check this for more info : https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-d...
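The two recommendations in this thread (set EnableSMB1Protocol to $false AND uninstall the feature, and do the cheap-to-roll-back protocol switch before the feature removal, with an audit first) fit together as one staged procedure. Here it is as an added example, not code from the thread or from the linked article: enable auditing, summarise which clients still attempted SMB1 from event 3000, then disable in two stages and re-verify after each. The function names are my own; the parsing of the event text assumes the message carries a "Client Address:" line, so inspect one event's Message before trusting the regex.

```powershell
# Added example, not code from the thread: audit first, then change in the
# rollback-friendly order suggested above (live switch first, binaries last),
# and re-verify after each stage. Run elevated on the file server.
# Assumption: event 3000 in Microsoft-Windows-SMBServer/Audit contains a line
# of the form "Client Address: <ip>"; check one event's Message before relying on it.

function Enable-Smb1Audit {
    # Every SMB1 connection attempt now writes event 3000 to the audit log.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    (Get-SmbServerConfiguration).AuditSmb1Access
}

function Get-Smb1AuditClients {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent errors when nothing matches; treat that as "no SMB1 clients seen".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    $events |
        ForEach-Object {
            $addr = if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unparsed' }
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; ClientAddress = $addr }
        } |
        Group-Object ClientAddress |
        ForEach-Object {
            [pscustomobject]@{
                ClientAddress = $_.Name
                Attempts      = $_.Count
                LastSeen      = ($_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
            }
        } |
        Sort-Object Attempts -Descending
}

function Disable-Smb1Server {
    param([switch]$RemoveFeature)

    # Stage 1: flip the live switch. Rollback is one command:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Stage 2, only once the audit log has stayed quiet: remove the binaries.
    # Rollback means reinstalling the feature and rebooting, hence a separate switch.
    # (On Windows Server the role-based equivalent is Uninstall-WindowsFeature -Name FS-SMB1.)
    if ($RemoveFeature) {
        $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        if ($result.RestartNeeded) { Write-Warning 'Reboot required to finish removing SMB1Protocol.' }
    }

    # Re-verify both layers after the change.
    [pscustomobject]@{
        EnableSMB1Protocol = (Get-SmbServerConfiguration).EnableSMB1Protocol
        FeatureState       = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    }
}

# Typical sequence:
#   Enable-Smb1Audit                    # day 0
#   Get-Smb1AuditClients -Days 7        # day 7: every row is a client that still tried SMB1
#   Disable-Smb1Server                  # live switch off, feature still installed (easy rollback)
#   Disable-Smb1Server -RemoveFeature   # later, once nothing broke
```

An empty result from Get-Smb1AuditClients after the audit window is the evidence wanted in this thread that nothing still depends on SMB1 before the feature is removed.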

I already did a check myself, and this check shows that the feature is disabled everywhere.
The only thing that is enabled at the server level is based on the following command: "Get-SmbServerConfiguration | Select EnableSMB1Protocol".

So I only have 1 step left to perform, which is "Set-SmbServerConfiguration -EnableSMB1Protocol $false", to disable this protocol too.

How do I audit SMBv1 usage? Or is that no longer necessary in this case?

If you removed the SMB1 binaries, my guess is the server is already unable to respond using the corresponding protocol; I'm pretty sure you are safe if you disable the SMB1 protocol.

From my link : "When SMBv1 auditing is enabled, event 3000 appears in the "Microsoft-Windows-SMBServer\Audit" event log, identifying each client that attempts to connect with SMBv1."

Thank you.