Skip to content

Mitigate the WannaCry risk without DSC

I recently published an article and a gist howto disable SMBv1 with PowerShell and DSC. Now some asked if there is an easy way to do that and to avoid the DSC usage.

Here is a very simple way to disable SMBv1 on Windows 8, or newer, and Windows Server 2012, or newer:

# To disable SMBv1 on the SMB server, run the following cmdlet (Windows 8/Windows Server 2012, or newer):
Set-SmbServerConfiguration -EnableSMB1Protocol $false

Here is an easy way to check if SMBv1 is enabled, or not:

# To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol

This return a Bool.

For older systems, like Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008, use this:

# For older systems, like Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Type DWORD -Value 0 -Force

If you don’t like the PowerShell way (why ever), here is an old school way:

rem This is the Service Controller to disable the SMV1 usage on the local system.
rem My advice: Learn Powershell as soon as possible, this is really old school and you should avoid it whenever possible!
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

But I think you should think about using PowerShell in the future, this is really old school!!!

Finally you should remove the SMBv1 support as mentioned in my other article:

# Completely remove the SMBv1 feature from the local Windows installation. Gain more performance and much more security
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Microsoft also published a great article about that! Most of the commands above are taken from this.

This content is older than 2 years. It might be outdated.
Published inHowToPowerShell

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *