├── README.md ├── LICENSE ├── DetectSMB1Enabled.ps1 └── DisableSMB1.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # disable-smb1-powershell 2 | Disabling the SMB1 Protocol with PowerShell 3 | 4 | These scripts are intended to be used with System Center Configuration Manager, specifically as configuration items. The script to disable SMB1 could be used with Group Policy as a startup/shutdown script, or via a scheduled task (recommended). 5 | 6 | DetectSMB1Enabled.ps1 for detection (returns a boolean value of True if SMB1 is Enabled, False if Disabled) 7 | DisableSMB1.ps1 will disable the protocol for Windows Vista, 7, 8.x, and 10 (or server equivalents). 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
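19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 |
24 | For more information, please refer to
--------------------------------------------------------------------------------
/DetectSMB1Enabled.ps1:
--------------------------------------------------------------------------------
# Detection script (the README describes it as a Configuration Manager
# configuration item).
# Output: $true  - SMB1 was found enabled on the server or the client side
#         $false - none of the checks for this OS version found SMB1 enabled
# A terminating error is written as a warning and the script exits with code 1.
Try {
    # Get-WmiObject rather than Get-CimInstance: the oldest branch below targets
    # Windows Vista / 7, where PowerShell 3.0 cannot be assumed.
    [string]$OperatingSystemVersion = (Get-WmiObject -Class Win32_OperatingSystem).Version

    # Full path, so the query does not depend on how "sc.exe" resolves via PATH.
    $ScExe = "$env:windir\System32\sc.exe"

    # NOTE(review): the queries below run with the default error preference. A
    # query that fails with a non-terminating error presumably yields $null and
    # is then evaluated like "not enabled" - confirm whether such a host should
    # be reported as an error instead of as compliant.
    switch -Regex ($OperatingSystemVersion) {
        '(^10\.0.*|^6\.3.*)' {
            # Windows 8.1 / Server 2012 R2 / Windows 10 / Server 2016
            # Server side: SMB server configuration. Client side: optional feature state.
            if (((Get-SmbServerConfiguration).EnableSMB1Protocol) -or
                (((Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State) -match 'Enable(d|Pending)')) {
                Return $true
            }
        }
        '^6\.2.*' {
            # Windows 8 / Server 2012
            # Client side: LanmanWorkstation still lists the SMB1 driver as a dependency.
            # NOTE(review): only the dependency is inspected; the mrxsmb10 start
            # type that DisableSMB1.ps1 also changes is not verified here.
            if (((Get-SmbServerConfiguration).EnableSMB1Protocol) -or
                ((& $ScExe qc lanmanworkstation) -match 'MRxSmb10')) {
                Return $true
            }
        }
        '^6\.(0|1).*' {
            # Windows Vista / Server 2008 / Windows 7 / Server 2008R2
            # "-ne '0'" is also true when the SMB1 value is absent (Get-ItemProperty
            # returns nothing under SilentlyContinue), so a missing value is
            # reported as enabled.
            $ServerSmb1 = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue).SMB1
            if (($ServerSmb1 -ne '0') -or
                ((& $ScExe qc lanmanworkstation) -match 'MRxSmb10')) {
                Return $true
            }
        }
        default {
            Throw "Unsupported Operating System"
        }
    }

    Return $false

} Catch {
    # $_ is the error record that was just caught.
    Write-Warning -Message $_.Exception.Message
    Exit 1
}
--------------------------------------------------------------------------------
/DisableSMB1.ps1:
--------------------------------------------------------------------------------
# Remediation script: disables the SMB1 server and client components for the
# detected OS version.
# Exit code: 0 when every required change succeeded (or none was needed),
#            1 when the OS is unsupported or a change failed.

# Full path, so neither the query nor the configuration calls depend on PATH.
$ScExe = "$env:windir\System32\sc.exe"

# Runs "sc.exe <Arguments>" in a hidden window, waits for it to finish and
# throws when sc.exe reports a non-zero exit code. Without -Wait/-PassThru the
# call is fire-and-forget and a failed change would still end in "Exit 0".
function Invoke-ScConfig {
    param([string]$Arguments)

    $Process = Start-Process -FilePath $ScExe -ArgumentList $Arguments -WindowStyle Hidden -Wait -PassThru
    if ($Process.ExitCode -ne 0) {
        Throw "sc.exe $Arguments failed with exit code $($Process.ExitCode)"
    }
}

# Removes the SMB1 driver from the LanmanWorkstation dependencies and disables
# the driver, when LanmanWorkstation still depends on it.
# NOTE(review): the guard looks only at the dependency list. If the first call
# succeeds and the second fails, a later run presumably skips both - confirm
# whether the mrxsmb10 start type should be checked separately.
function Disable-Smb1ClientDriver {
    if ((& $ScExe qc lanmanworkstation) -match 'MRxSmb10') {
        Invoke-ScConfig -Arguments 'config lanmanworkstation depend= bowser/mrxsmb20/nsi'
        Invoke-ScConfig -Arguments 'config mrxsmb10 start= disabled'
    }
}

Try {
    # Get-WmiObject rather than Get-CimInstance: the oldest branch below targets
    # Windows Vista / 7, where PowerShell 3.0 cannot be assumed.
    [string]$OperatingSystemVersion = (Get-WmiObject -Class Win32_OperatingSystem).Version

    switch -Regex ($OperatingSystemVersion) {
        '(^10\.0.*|^6\.3.*)' {
            # Windows 8.1 / Server 2012 R2 / Windows 10 / Server 2016

            # SMB1 Server Settings
            # -ErrorAction Stop on every change: a failed write must reach the
            # Catch block rather than be followed by "Exit 0".
            if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
                Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -ErrorAction Stop
            }

            # SMB1 Client Settings
            # NOTE(review): with -NoRestart the feature presumably stays in a
            # pending state (DisablePending) until the next restart, which the
            # 'Enable(d|Pending)' pattern in DetectSMB1Enabled.ps1 does not
            # match - confirm how compliance should be reported before reboot.
            if (((Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State) -match 'Enable(d|Pending)') {
                Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop
            }
        }
        '^6\.2.*' {
            # Windows 8 / Server 2012

            # SMB1 Server Settings
            if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
                Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -ErrorAction Stop
            }

            # SMB1 Client Settings
            Disable-Smb1ClientDriver
        }
        '^6\.(0|1).*' {
            # Windows Vista / Server 2008 / Windows 7 / Server 2008R2

            # SMB1 Server Settings
            # A missing SMB1 value compares as "not 0", so the value is then
            # written explicitly. The read stays best-effort; the write does not.
            $ServerSmb1 = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue).SMB1
            if ($ServerSmb1 -ne '0') {
                Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 0 -Force -ErrorAction Stop
            }

            # SMB1 Client Settings
            Disable-Smb1ClientDriver
        }
        default {
            Throw "Unsupported Operating System"
        }
    }

    Exit 0

} Catch {
    # $_ is the error record that was just caught.
    Write-Warning -Message $_.Exception.Message
    Exit 1
}
--------------------------------------------------------------------------------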