Disabling smbv1 using BigFix fixlet

I was trying to disable SMBv1 using a BigFix fixlet. Is it possible to run a script with BigFix version 10.0.2? I have tried 2 commands, however it went nowhere. Is there any other option than these?

-------start command 1-------
waithidden sc.exe config mrxsmb10 start= disabled

action requires restart "SMBv1_DisableService"

--result--
server not able to be accessed directly using RDP

--------start command 2-------

// Disable wow64 redirection on x64 OSes
action uses wow64 redirection {not x64 of operating system}

delete __createfile

// CREATEFILE
createfile until END_OF_FILE

// REPLACE THE FOLLOWING WITH THE SCRIPT YOU WANT TO RUN ON THE ENDPOINT
Set-SmbServerConfiguration -EnableSMB1Protocol $false

END_OF_FILE

delete powershell.ps1
move __createfile powershell.ps1

waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File powershell.ps1

--result--

it’s running with no end.

What’s the target operating system / version? My recollection is that some versions of Windows had service dependencies such that SMBv2 depended on SMBv1 and we had to remove those dependencies in the services configuration before disabling SMBv1…

Ah, ok, I found them…we actually have out-of-box fixlets for this (that handle the SMB dependencies as well). Check for these Fixlets in the “Patches for Windows” Site:

269654707	2696547: Manage SMBv1 in Windows and Windows Server - Disable Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows Server 2012 R2 / Windows Server 2016 - KB2696547

269654705	2696547: Manage SMBv1 in Windows and Windows Server - Enable Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows Server 2012 R2 / Windows Server 2016 - KB2696547

269654703	2696547: Manage SMBv1 in Windows and Windows Server - Disable Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 - KB2696547

269654701	2696547: Manage SMBv1 in Windows and Windows Server - Enable Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 - KB2696547

It's 2012, 2012 R2, 2016 and 2019 Windows servers. But the KB seems relevant to few of the servers, meanwhile I have a lot of servers that require disabling SMBv1.

…are you sure?
SMBv1 is not installed by default on 2019, it’s only installed if you add the Optional feature for SMBv1 explicitly.
If you have a case where there’s a false negative on the Fixlet relevance, please let us know and we can correct it.
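For servers where a custom action is still wanted, the following PowerShell script is an added example, not part of the thread or of the BigFix Fixlets. It audits the SMBv1 server setting, the mrxsmb10 client driver and the LanmanWorkstation dependency mentioned above, and changes them only when asked. The function names and the `-Remediate` switch are hypothetical; the script assumes an elevated session on Windows Server 2012 or later.

```powershell
# Added example, not from the thread. Run elevated; audits unless -Remediate is given.
param([switch]$Remediate)

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-Smb1State {
    # SMBv1 client driver; the key is absent when the driver is not installed
    $drv  = Get-ItemProperty "$svcRoot\mrxsmb10" -ErrorAction SilentlyContinue
    # LanmanWorkstation dependency list (REG_MULTI_SZ)
    $deps = @((Get-ItemProperty "$svcRoot\LanmanWorkstation").DependOnService)
    [pscustomobject]@{
        ServerSmb1Enabled        = (Get-SmbServerConfiguration).EnableSMB1Protocol
        ClientDriverPresent      = [bool]$drv
        ClientDriverStart        = $drv.Start   # 4 = disabled
        WorkstationDependsOnSmb1 = $deps -contains 'MRxSmb10'
        WorkstationDependencies  = $deps
    }
}

function Disable-Smb1 {
    param($State)
    if ($State.ServerSmb1Enabled) {
        # -Force skips the confirmation prompt; without it the cmdlet waits for
        # an answer that a hidden, non-interactive session cannot give
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if (-not $State.ClientDriverPresent) { return }
    if ($State.WorkstationDependsOnSmb1) {
        # Remove MRxSmb10 from the dependency list first, keeping every other
        # entry, so LanmanWorkstation can still start once the driver is disabled
        $keep = $State.WorkstationDependencies | Where-Object { $_ -ne 'MRxSmb10' }
        sc.exe config lanmanworkstation depend= ($keep -join '/') | Out-Host
        if ($LASTEXITCODE -ne 0) { throw 'Dependency update failed; driver left unchanged.' }
    }
    sc.exe config mrxsmb10 start= disabled | Out-Host
    if ($LASTEXITCODE -ne 0) { throw 'Could not disable mrxsmb10.' }
}

$state = Get-Smb1State
if ($Remediate) {
    Disable-Smb1 -State $state
    # The registry shows the new values now; the loaded driver stops after a restart
    Get-Smb1State
} else {
    $state
}
```

Run without arguments first and review `WorkstationDependsOnSmb1` and `ClientDriverPresent` per server before pushing the `-Remediate` run.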