A while ago, Microsoft warned about a critical issue with SMBv1. Microsoft also published updates for that Vulnerability.

The WannaCry Ransomware Attack used that Vulnerability in the SMBv1 implementation with an EternalBlue Exploit. I thing there is more to come! so my advice is to deploy critical updates as fast as possible, nothing new! And I told everyone to avoid the SMBv1 usage (by remove the support), like Microsoft did a few weeks ago.

Here is how to do that.

Remove SMBv1 on Windows 10

Remove SMBv1 on Windows 10

Wind0ws Server SMBv1

Remove SMBv1 on Windows Servers


Another option: Use DSC to enforce the SMBv1 removal.

If you don’t have DSC (and ask yourself: Why not!!!) in place, you can use DSC local on your servers as well:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#requires -Version 4.0 -Modules PSDesiredStateConfiguration

<#
	Work on any modern Microsoft Server OS
#>

# change this to any existing Path
$WorkPath = 'C:\scripts'

configuration RemoveSMB1 {
	param([string[]]$ComputerName = 'localhost')

	Import-DscResource -ModuleName PSDesiredStateConfiguration
    
	Node $ComputerName {
		# Removes SMBv1 support, if installed (enforced)
		WindowsFeature 'SMB1' {
			Name   = 'FS-SMB1'
			Ensure = 'Absent'
		}
	}
}

RemoveSMB1 -OutputPath $WorkPath
Start-DscConfiguration -Wait -Path $WorkPath

Here is the DSC MOF file (just an example):

Update:
You can use a Group Policy, for Clients and Servers, as well. something I forget to mention!