Even the latest Windows 10 1703 still has SMB1 enabled by default. If you want to keep yourself safe from WannaCry / WannaCrypt0r 2 variants you need to disable SMB 1.0.

You can disable SMB 1.0 in 5 ways:

A – How to Disable SMB 1 using the GUI

  1. Click the START button and type FEATURES
  2. Click TURN WINDOWS FEATURES ON OR OFF
  3. Scroll through the list and uncheck SMB 1.0/CIFS FILE SHARING SUPPORT

B – How to Disable SMB 1 using a PowerShell Script:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

C – How to Disable SMB 1 using CMD Line:

DISM /online /disable-feature /featurename:SMB1Protocol

D – How to Disable SMB 1 using a GPO:

  1. Create a new GPO and edit it
  2. Expand COMPUTER > PREFERENCES > WINDOWS > REGISTRY
  3. Right click and one at a time add the following three entries:

    Action: Create
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Value name: SMB1
    Value type: REG_DWORD
    Value data: 0

    Action: Update
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\services\mrxsmb10
    Value name: Start
    Value type: REG_DWORD
    Value data: 4

    Action: Replace
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\Services\LanmanWorkstation
    Value name: DependOnService
    Value type: REG_MULTI_SZ
    Value data:

    • Bowser
    • MRxSmb20
    • NSI
      Note: These 3 strings will NOT have bullets

For details read THIS Microsoft post.

E – How to Disable SMB 1 by Editing the Registry:

Create the registry entries specified in step 3 of option “D” above

 

How to Verify SMB 1.0 Is Disabled:

Note that there appears to be no ready way to test and confirm that SMB 1.0 is disabled. In fact, I found that after setting the GPO, both the GUI and the following command showed that SMB 1.0 was still enabled.

DISM /online /get-features /format:table | more

Microsoft Partner Support tells me “…already use GPP to set the registry value to 0. Per the current information we have, if the value is 0, then the SMBv1 is disabled. For the UI of features, it just shows this computer has the ability to provide SMBv1 service, however, whether the service is enabled or not, the switch is in the registry.”

If you want to see the discussion I had with Partner Support, which includes many screen shots, click HERE.
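
Since Partner Support says the switch is in the registry, the three values from option D can be read back directly. The script below is an added example, not from the original post or from Microsoft; it is read-only, and the check names and the $checks / $results variables are illustrative.

```powershell
# Added example: read back the three registry values from option D and
# compare each with the value this page sets. Read-only; changes nothing.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Name = 'SMB1 server setting'
       Path = "$svc\LanmanServer\Parameters"; Value = 'SMB1'; Expected = 0 },
    @{ Name = 'SMB1 client driver (mrxsmb10)'
       Path = "$svc\mrxsmb10"; Value = 'Start'; Expected = 4 },
    @{ Name = 'LanmanWorkstation dependencies'
       Path = "$svc\LanmanWorkstation"; Value = 'DependOnService'
       Expected = @('Bowser', 'MRxSmb20', 'NSI') }
)

$results = foreach ($c in $checks) {
    $actual = $null
    if (Test-Path $c.Path) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($c.Value) }
    }

    if ($null -eq $actual) {
        # Value (or key) is absent, so the setting from option D was not applied.
        $state = 'NOT SET'
    }
    elseif ($c.Expected -is [array]) {
        # REG_MULTI_SZ: any extra entry (for example a leftover MRxSmb10)
        # or any missing entry counts as a mismatch.
        $diff = Compare-Object -ReferenceObject $c.Expected -DifferenceObject @($actual)
        $state = if ($diff) { 'MISMATCH' } else { 'OK' }
    }
    else {
        $state = if ($actual -eq $c.Expected) { 'OK' } else { 'MISMATCH' }
    }

    [pscustomobject]@{
        Check    = $c.Name
        Expected = $c.Expected -join ','
        Actual   = @($actual) -join ','
        State    = $state
    }
}

$results | Format-Table -AutoSize
```

The output reflects the configured registry state only; Microsoft's guidance for these registry changes is to restart the computer before they take effect.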
