svallas
Apr 19, 2022, Copper Contributor
Disable SMBv1
Hello, I'm in the process of disabling SMBv1 for large-scale servers. I made a script for this, and the result is that SMBv1 at registry and feature level is almost disabled or does not exist everywh...
svallas225
Copper Contributor
I already did a check myself, and this check shows that the feature is disabled everywhere.
The only thing that is enabled at server level is based on the following protocol "Get-SmbServerConfiguration | Select EnableSMB1Protocol".
So I only have 1 step left to perform which is: "Set-SmbServerConfiguration -EnableSMB1Protocol $false" to disable this protocol too.
How do I audit SMBv1 usage? Or is that no longer necessary in this case?
Alban1999
Apr 20, 2022, Iron Contributor
If you removed SMB1 binaries, my guess is the server is already unable to respond using the corresponding protocol - I'm pretty sure you are safe if you disable SMB1 protocol.
From my link: "When SMBv1 auditing is enabled, event 3000 appears in the 'Microsoft-Windows-SMBServer\Audit' event log, identifying each client that attempts to connect with SMBv1."
- svallas225, Apr 20, 2022, Copper Contributor: Thank you.
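The audit-then-disable sequence discussed in this thread, as an added example that is not from either poster: it turns on SMBv1 auditing, lists the clients recorded under event 3000, and sets EnableSMB1Protocol to false only when none were seen. The 14-day window and the "Client Address:" pattern used to parse the event message are assumptions; adjust both for your environment and event-log language.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 use on this server before disabling the protocol.
param(
    # Assumed observation window; choose one long enough to cover monthly jobs.
    [int]$LookbackDays = 14
)

$cfg = Get-SmbServerConfiguration

# Step 1: make sure auditing is on. Event 3000 is only written while it is enabled,
# so a first run just enables it and stops.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output "SMBv1 auditing enabled. Re-run after $LookbackDays days."
    return
}

# Step 2: collect event 3000 from the SMB server audit channel.
$filter = @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Step 3: count attempts per client. The message layout is an assumption
# (English text containing "Client Address: <value>").
$clients = $events | ForEach-Object {
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { '(unparsed)' }
} | Group-Object | Sort-Object Count -Descending

# Step 4: act on the result.
if ($clients) {
    $clients | Select-Object @{n = 'Client'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
    Write-Warning "SMBv1 clients seen in the last $LookbackDays days. EnableSMB1Protocol left unchanged."
}
elseif ($cfg.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "No SMBv1 clients seen. EnableSMB1Protocol set to false."
}
else {
    Write-Output "No SMBv1 clients seen and EnableSMB1Protocol is already false."
}
```

The script cannot tell how long auditing has been enabled, so an empty result is only meaningful if auditing was on for the whole window.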