Is there a fast way to verify that SMBv1 is disabled or enabled using powershell

Article
2017-06-06

Question

_{Tuesday, June 6, 2017 3:37 PM}

1. How to find out whether SMBV1,V2,V3 are enabled or not using Power shell command for remote servers on all server OS (2003,2008,2012) in the network or domain.

2. Following is the power shell command to check whether SMB is enabled or not

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

Microsoft Article- https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server

3. I tried using following powershell script but its not giving required information. Please suggest.

=====================================================================

$Servers = Get-Content -Path C:\Users\vnachimu\desktop\servers.txt
$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString
$credential

foreach ($Server in $Servers) {
** Invoke-Command -ComputerName $Server -Credential $credential {$info= Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol}**
** $server + "-" + $info.EnableSMB1Protocol | Out-File -FilePath C:\Users\vnachimu\Desktop\details.txt**
}

====================================================================

All replies (5)

_{Tuesday, June 6, 2017 5:58 PM}

The SMB module is not available on older systems. Only W8/2012 and later.

The SMB CmdLets are only available for Windows 10/2016.

To get remote settings use CimSession:

Get-SmbServerConfiguration -CimSession Alpha

\(ツ)_/

_{Tuesday, June 6, 2017 6:41 PM}

Prepared the powershell script and it worked on 2012 and 2016 servers.

=====================================================================

Invoke-Command -ComputerName (Get-Content C:\Users\kj1\Desktop\SMB\Servers.txt) -scriptblock {
$SMBInfo = Get-SmbServerConfiguration
$infoObject = New-Object PSObject
#The following add data to the infoObjects.
Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV1 Enabled?" -value $SMBInfo.EnableSMB1Protocol
Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV2 Enabled?" -value $SMBInfo.EnableSMB2Protocol
Add-Member -inputObject $infoObject -memberType NoteProperty -name "SMBV3 Enabled?" -value $SMBInfo.EnableSMB3Protocol
$infoObject
} | Select-Object * -ExcludeProperty RunspaceId, PSShowComputerName | Export-Csv -path **C:\Users\kj1\Desktop\SMB\**Server_SMB_$((Get-Date).ToString('MM-dd-yyyy')).csv -NoTypeInformation

========================================================================

_{Wednesday, June 7, 2017 10:13 AM | 1 vote}

Hi,

For old versions, we could try using registry:

Registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Steps to Enable and Disable SMB protocols on the SMB client
The below steps applies to Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
Disables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Enables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
Disables the SMBv2 and SMBv3 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
Enables the SMBv2 and SMBv3 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
Important to Note:
• The commands be run at a raised command prompt.

Also trying:

Get-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters”

Best regards,

Andy

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Wednesday, June 7, 2017 1:09 PM}

If the registry entry is not found in the given path then it is enabled or disabled ?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Registry entry: SMB1

_{Thursday, June 8, 2017 2:37 AM}

If the registry entry is not found in the given path then it is enabled or disabled ?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Registry entry: SMB1

Yes the key doesn't always exist, I've noticed. The GPO will cover it. Doesn't hurt to at least have it in there marked as "disabled."

Besides, this KB could give you some helps:

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server