I recently published an article and a gist howto disable SMBv1 with PowerShell and DSC. Now some asked if there is an easy way to do that and to avoid the DSC usage.
Here is a very simple way to disable SMBv1 on Windows 8, or newer, and Windows Server 2012, or newer:
# To disable SMBv1 on the SMB server, run the following cmdlet (Windows 8/Windows Server 2012, or newer):
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Here is an easy way to check if SMBv1 is enabled, or not:
# To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
This return a Bool.
For older systems, like Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008, use this:
# For older systems, like Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Type DWORD -Value 0 -Force
If you don’t like the PowerShell way (why ever), here is an old school way:
rem This is the Service Controller to disable the SMV1 usage on the local system.
rem My advice: Learn Powershell as soon as possible, this is really old school and you should avoid it whenever possible!
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
But I think you should think about using PowerShell in the future, this is really old school!!!
Finally you should remove the SMBv1 support as mentioned in my other article:
# Completely remove the SMBv1 feature from the local Windows installation. Gain more performance and much more security
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
Microsoft also published a great article about that! Most of the commands above are taken from this.