locked
Is there a fast way to verify that SMBv1 is disabled or enabled using powershell RRS feed

  • Question

  • 1. How to find out whether SMBV1,V2,V3 are enabled or not using Power shell command for remote servers on all server OS (2003,2008,2012) in the network or domain.

    2. Following is the power shell command to check whether SMB is enabled or not

    Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

    Microsoft Article- https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server

    3. I tried using following powershell script but its not giving required information. Please suggest.

    =====================================================================

    $Servers = Get-Content -Path C:\Users\vnachimu\desktop\servers.txt
    $credential = Get-Credential
    $credential.Password | ConvertFrom-SecureString
    $credential
     
    foreach ($Server in $Servers) {
        Invoke-Command -ComputerName $Server -Credential $credential {$info= Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol}
        $server + "-" + $info.EnableSMB1Protocol | Out-File -FilePath C:\Users\vnachimu\Desktop\details.txt
    }

    ====================================================================





    • Edited by Jags9999 Tuesday, June 6, 2017 7:55 PM
    Tuesday, June 6, 2017 3:37 PM

All replies

  • The SMB module is not available on older systems.  Only W8/2012 and later.

    The SMB CmdLets are only available for Windows 10/2016.

    To get remote settings use CimSession:

    Get-SmbServerConfiguration  -CimSession Alpha


    \_(ツ)_/


    • Edited by jrv Tuesday, June 6, 2017 6:00 PM
    • Proposed as answer by Hello_2018 Thursday, June 8, 2017 2:37 AM
    Tuesday, June 6, 2017 5:58 PM
  • Prepared the powershell script and it worked on 2012 and 2016 servers.

    =====================================================================

    Invoke-Command -ComputerName (Get-Content C:\Users\kj1\Desktop\SMB\Servers.txt) -scriptblock {
    $SMBInfo = Get-SmbServerConfiguration
    $infoObject = New-Object PSObject
    #The following add data to the infoObjects.
    Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV1 Enabled?" -value $SMBInfo.EnableSMB1Protocol
    Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV2 Enabled?" -value $SMBInfo.EnableSMB2Protocol
    Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV3 Enabled?" -value $SMBInfo.EnableSMB3Protocol
    $infoObject
    } | Select-Object * -ExcludeProperty RunspaceId, PSShowComputerName | Export-Csv -path C:\Users\kj1\Desktop\SMB\Server_SMB_$((Get-Date).ToString('MM-dd-yyyy')).csv -NoTypeInformation

    ========================================================================


    • Edited by Jags9999 Tuesday, June 6, 2017 6:42 PM
    Tuesday, June 6, 2017 6:41 PM
  • Hi,

    For old versions, we could try using registry:

    Registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB1
    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Steps to Enable and Disable SMB protocols on the SMB client
    The below steps applies to Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
    Disables the SMBv1 on the SMB client by running the below commands:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= disabled

    Enables the SMBv1 on the SMB client by running the below commands:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= auto
    Disables the SMBv2 and SMBv3 on the SMB client by running the below commands:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
    sc.exe config mrxsmb20 start= disabled
    Enables the SMBv2 and SMBv3 on the SMB client by running the below commands:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
    sc.exe config mrxsmb20 start= auto
    Important to Note:
    •    The commands be run at a raised command prompt.

    Also trying:

    Get-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters”

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by mth11htm Friday, October 12, 2018 5:41 PM
    Wednesday, June 7, 2017 10:13 AM
  • If the registry entry is not found in the given path then it is enabled or disabled ?

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Registry entry: SMB1

    Wednesday, June 7, 2017 1:09 PM
  • If the registry entry is not found in the given path then it is enabled or disabled ?

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Registry entry: SMB1

    Yes the key doesn't always exist, I've noticed. The GPO will cover it. Doesn't hurt to at least have it in there marked as "disabled."

    Besides, this KB could give you some helps:

    https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Hello_2018 Tuesday, June 13, 2017 4:32 AM
    Thursday, June 8, 2017 2:37 AM