Forum Discussion
Disable SMBv1
Hello, I'm in the process of disabling SMBv1 for large scale servers. I made a script for this, and this results that SMBv1 on registry and feature level is almost disabled or does not exist everywh...
Yes, exactly what you say, that's what I thought too.
The first 2 steps in my believing should be enough, but I'm going to do the last step anyway.
The only reason I'm asking this is because I want to make sure I can do the last step so (Set-SmbServerConfiguration -EnableSMB1Protocol $false) without any risk.
So assuming that the first 2 steps have been performed and so the feature is disabled, this should mean that SMBv1 is no longer used.
So when I perform the last step, I actually want to be sure (provided that the feature is disabled) whether this has no consequences that SMB1 is used in one way or another or something like that if you understand what I mean.
The first 2 steps in my believing should be enough, but I'm going to do the last step anyway.
The only reason I'm asking this is because I want to make sure I can do the last step so (Set-SmbServerConfiguration -EnableSMB1Protocol $false) without any risk.
So assuming that the first 2 steps have been performed and so the feature is disabled, this should mean that SMBv1 is no longer used.
So when I perform the last step, I actually want to be sure (provided that the feature is disabled) whether this has no consequences that SMB1 is used in one way or another or something like that if you understand what I mean.
In that case, I would only disable SMB1 protocol (third step) first - a rollback will only require to turn it on again.
Uninstalling the Windows feature means uninstall binaries - a rollback will require more work.
You may wish to audit your server for SMB1 usage before any change. A Powershell one-liner is enough to do that : Set-SmbServerConfiguration -AuditSmb1Access $true
Check this for more info : https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
Uninstalling the Windows feature means uninstall binaries - a rollback will require more work.
You may wish to audit your server for SMB1 usage before any change. A Powershell one-liner is enough to do that : Set-SmbServerConfiguration -AuditSmb1Access $true
Check this for more info : https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
- I already did a check myself, and this check shows that the feature is disabled everywhere
The only thing that is enabled at server level is based on the following protocol "Get-SmbServerConfiguration | Select EnableSMB1Protocol".
So I only have 1 step left to perform which is: "Set-SmbServerConfiguration -EnableSMB1Protocol $false" to disable this protocol too.
How do I audit SMBv1 usage? Or is that no longer necessary in this case?- If you removed SMB1 binaries, my guess is the server is already unable to respond using the corresponding protocol - I'm pretty sure you are safe if you disable SMB1 protocol.
From my link : "When SMBv1 auditing is enabled, event 3000 appears in the "Microsoft-Windows-SMBServer\Audit" event log, identifying each client that attempts to connect with SMBv1."- Thank you.