


How to Disable SMBv1 in Windows Server 2016

Disable SMBv1 to prevent Petya / NotPetya, WannaCry / WanaCrypt0r ransomware from spreading through your network. These worms exploit a vulnerability in Windows Server Message Block (SMB) version 1 (SMBv1), and spread like wildfire. You are urged to disable SMBv1 in your Windows version (Windows 10, 8.1, Server 2016, 2012 R2), and here is how if you haven't done so yet.

The WannaCry ransomware spread across the globe in May 2017. Learn how this ransomware attack spread and how to protect your network from similar attacks like Petya/NotPetya.

What is Server Message Block (SMB) in Windows?


The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.

The technical reference to CIFS is available from Microsoft Corporation at Common Internet File System (CIFS) File Access Protocol.

SMB1 is used in Windows XP and earlier (it's nearly 30 years old!). The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008, while the SMBv3 protocol was introduced in Windows 8 and Windows Server 2012. To be blunt: SMB1 is old, not efficient, and now also vulnerable. Disable it now, stop using SMB1!

Windows 10 is not vulnerable to the WannaCry ransomware, but it's still recommended to disable SMB1 if it's enabled on your system.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

WannaCrypt ransomware worm targets out-of-date systems – Microsoft Technet

Disable SMBv1 using PowerShell

Remember, you have the SMB server (or service), for creating a file share, and you have an SMB client for accessing it. Here you'll find more than one way to disable the services on both SMB server and SMB client.

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

Note: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack. Warning: Do not disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled, only SMBv1.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

To obtain the current state of the SMB server protocol configuration, run the following cmdlet in Windows Server 2012, 2012 R2 and Windows Server 2016 and up:

          Get-SmbServerConfiguration | Select EnableSMB1Protocol

For Windows Server 2008 R2 and below, use:

          Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1        

To disable SMBv1 on the SMB server, run the following cmdlet:

          Set-SmbServerConfiguration -EnableSMB1Protocol $false

To disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you can use Windows PowerShell, the Registry Editor or a GPO.

If you're using Windows PowerShell version 2.0 or higher:

          Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

In the Registry Editor, modify the registry key

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1        

entry from 1 to 0 to disable the LanmanServer service (0 is disabled, the default is 1 which means enabled).

SMB client:
You can use the SC tool to disable the SMB v1 client:

          sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
          sc.exe config mrxsmb10 start= disabled

To disable, and gracefully remove, SMBv1 in Windows 8.1, Windows 10 (client), use the Disable-WindowsOptionalFeature cmdlet:

          Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol        

You can find more information at Microsoft Support and The Deprecation of SMB1 – You should be planning to get rid of this old SMB dialect.

Protip: while you're at it, read my important 4 security measurements for Windows Server & IIS. Also, verify you've disabled SSLv3, TLS 1.0, and TLS 1.1. Acunetix provides you with 8 tips to secure your IIS installation!

Disable SMB1 using Group Policy Administrative Templates

Group Policy Central writes about how to disable SMB1 using Group Policy Administrative Templates. This makes it easier for you to disable Server Message Block protocol version 1 to prevent WannaCry throughout your entire Active Directory domain(s).

And here's how:

To make it easier to disable SMB1 in your environment Microsoft has now released an ADMX/ADML file that defines the required registry keys so they can be configured as an Administrative Template setting.

To get the SMB1 policy setting visit https://blogs.technet.microsoft.com/secguide/2017/06/15/security-baseline-for-windows-10-creators-update-v1703-draft/ and download the Windows-10-RS2-Security-Baseline ZIP file.

Open up the ZIP file and navigate to the "Templates" folder where you then need to extract the SecGuide.adml and SecGuide.ADMX files.

Group Policy Central – How to Disable SMB1 using Group Policy Administrative Templates

Using a Group Policy Object (GPO) to disable SMBv1 will prevent a WannaCry spread throughout your entire Active Directory domain(s)!

How to verify SMBv1 is disabled in Windows and Windows Server

Sometimes you want the reassurance that you did something right in the past. Suppose you want to test whether Windows versions older than Windows 10 and Windows Server 2016 have SMBv1 disabled; you then use PowerShell to verify that the following registry value is not present or set to 0:

          HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1

In PowerShell, you can get all your computers and servers in your Active Directory Domain using Get-ADComputer, and you can query that list with Invoke-Command to verify SMBv1 is disabled.

For example:

          Get-ADComputer -Filter {(enabled -eq $True) -and (OperatingSystem -Like "Windows Server*")} | % {
              # Query each server over PowerShell remoting
              Invoke-Command -ComputerName $_.DNSHostName -ScriptBlock {
                  If ( (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters").SMB1 -eq 1 ) {
                      Write-Output "SMBv1 is enabled on ${env:computername}"
                  }
              }
          }
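An extended form of the check above, as an added example that is not part of the original article: for every host it reports the server-side and client-side SMBv1 settings from the earlier sections, keeps a missing SMB1 registry value apart from an explicit 0, and lists hosts that could not be reached. The names `$Smb1Check`, `$computers`, `$results`, `$unreachable` and the output property names are assumptions; it needs the ActiveDirectory module and PowerShell remoting.

```powershell
# Added example; variable and property names are hypothetical.
$Smb1Check = {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Server side: use the cmdlet where it exists (Windows 8 / Server 2012 and
    # later); otherwise read the SMB1 registry value used on older systems.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    } else {
        $v = (Get-ItemProperty "$svc\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        # A missing value is reported as NotSet so it can be judged against the OS default
        $server = if ($null -eq $v) { 'NotSet' } elseif ($v -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side: Start = 4 is what "sc.exe config mrxsmb10 start= disabled" writes
    $start  = (Get-ItemProperty "$svc\mrxsmb10" -Name Start -ErrorAction SilentlyContinue).Start
    $client = if ($null -eq $start) { 'DriverAbsent' } elseif ($start -eq 4) { 'Disabled' } else { 'Enabled' }

    # LanmanWorkstation should no longer list MRxSmb10 among its dependencies
    $deps = (Get-ItemProperty "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue).DependOnService

    New-Object PSObject -Property @{
        Server          = $server
        Client          = $client
        WorkstationDeps = ($deps -join '/')
    }
}

Import-Module ActiveDirectory
$computers = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "Windows Server*"' |
    ForEach-Object { $_.DNSHostName } | Where-Object { $_ }

# Run the check on all hosts in parallel; connection errors are collected, not shown
$results = Invoke-Command -ComputerName $computers -ScriptBlock $Smb1Check -ErrorAction SilentlyContinue -ErrorVariable unreachable

# Hosts where SMBv1 is not explicitly disabled on the server or client side
$results | Where-Object { $_.Server -ne 'Disabled' -or $_.Client -eq 'Enabled' } |
    Select-Object PSComputerName, Server, Client, WorkstationDeps

# Hosts that could not be checked are listed rather than silently skipped
$unreachable | ForEach-Object { "NOT CHECKED: $($_.TargetObject) - $($_.Exception.Message)" }
```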

This is one of those ways to increase Windows Server security in your environment. You may find more information in Microsoft's Support article "How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server".

Source: https://www.saotn.org/disable-smbv1-windows-10-windows-server/

Posted by: williamsstairdle1946.blogspot.com
