Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 24, 2017 12:07 PM
Hi Guys
I need your assistance, I'm trying to find out if SMB1 is enabled on my AD servers (mix of 2008 and 2012 servers) however I seem to have issues when invoking the command remotely
When running the command on the server, no problem
PS C:\Windows\system32> Get-SmbServerConfiguration | select enableSMB1Protocol
enableSMB1Protocol
True
But when running via PSSession or invoke-command, it fails
PS C:\WINDOWS\system32> icm -cn server1 {Get-SmbServerConfiguration | select enableSMB1Protocol}
The term 'Get-SmbServerConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of
the name, or if a path was included, verify that the path is correct and try again.
+ CategoryInfo : ObjectNotFound: (Get-WindowsFeature:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
+ PSComputerName : server1
[server1]: PS C:\Users\gaetan-admin\Documents> Get-SmbServerConfiguration | select enableSMB1Protocol
The term 'Get-SmbServerConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spel
ling of the name, or if a path was included, verify that the path is correct and try again.
+ CategoryInfo :
+ FullyQualifiedErrorId : CommandNotFoundException
And I get the same for all the AD servers
Get-ADComputer -Fil {OperatingSystem -Like "Windows *Server*" -and Enabled -eq $true} | % {$ServerName = $_.Name; write-host "CURRENT SERVER: "$ServerName ; icm -cn $_.Name {Get-SmbServerConfiguration | select enableSMB1Protocol}}
Any other commands via icm doesn't cause any troubles. I'm confused about this one
Thanks
Regards
Gaetan
All replies (10)
Wednesday, May 24, 2017 1:55 PM
The remote system does not have that module available.
\(ツ)_/
Wednesday, May 24, 2017 2:20 PM
Hi,
try to copy/have the following module installed on the remote machine first :
'C:\windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare'
Thanks.
MCTS Windows Server Virtualization, Configuration
Wednesday, May 24, 2017 3:59 PM
Thanks guys for the fast replies. I actually managed to check it using
icm -cn $_.Name {sc.exe qc lanmanworkstation}|select-string "MRxSmb10"
Thursday, May 25, 2017 8:06 AM
Thanks guys for the fast replies. I actually managed to check it using
icm -cn $_.Name {sc.exe qc lanmanworkstation}|select-string "MRxSmb10"
Also:
icm -cn $_.name {gsv MRxSmb10 }
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, May 25, 2017 8:34 AM
Right. The previous command actually checks if SMBv1 client is enabled. I need to check if SMBv1 server feature is enabled by default and disable it but it seems the only command I can find is get-smbserverconfiguration which is not available in Windows 2008 without SMBshare module
How do I install that module in Windows 2008 ?
Thursday, May 25, 2017 8:55 AM
Right. The previous command actually checks if SMBv1 client is enabled. I need to check if SMBv1 server feature is enabled by default and disable it but it seems the only command I can find is get-smbserverconfiguration which is not available in Windows 2008 without SMBshare module
How do I install that module in Windows 2008 ?
Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.
Windows PowerShell 2.0 or a later version of PowerShell
- To disable SMBv1 on the SMB server, run the following cmdlet: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Using the Get-ItemProperty Cmdlet to get smbv1:
https://technet.microsoft.com/en-us/library/ee176852.aspx
Or using GPO:
Edit:
The SMB commands (and several other modules) are specific to Windows 8 and Server 2012. You can use them from Windows 7 via remoting, but they do not target Windows 7 or Server 2008 R2.
The SMB commands target a new WMI namespace (ROOT/Microsoft/Windows/SMB) that does not exist on earlier versions of the OS.
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, May 25, 2017 9:41 AM
Hi Gaetan,
Anything else we can do for you?
If yes, please ask here.
Have a nice day!
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, May 25, 2017 10:53 AM
Hi Andy
I've been asked for a report but we have a mix of windows 2008 and windows 2012, therefore I can use get-smbserverconfiguration for W2k12 and get-itemproperty for W2K8 as below
# Check W2K8 Servers
Get-ADComputer -Fil {OperatingSystem -Like "Windows *Server*2012*" -and Enabled -eq $true} | % {icm -cn $_.Name -EA 0 {get-smbserverconfiguration| select PSComputerName,enableSMB1Protocol}}
# Check W2K8 Servers
Get-ADComputer -Fil {OperatingSystem -Like "Windows *Server*2008*" -and Enabled -eq $true} | % {icm -cn $_.Name -EA 0 {gp "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" |?{$_.SMB1 -eq "0"}|select PSComputerName, SMB1}}
I'll apply a GPO to disable it and thanks again for the help
Friday, May 26, 2017 3:13 AM
Hi Andy
I've been asked for a report but we have a mix of windows 2008 and windows 2012, therefore I can use get-smbserverconfiguration for W2k12 and get-itemproperty for W2K8 as below
# Check W2K8 Servers Get-ADComputer -Fil {OperatingSystem -Like "Windows *Server*2012*" -and Enabled -eq $true} | % {icm -cn $_.Name -EA 0 {get-smbserverconfiguration| select PSComputerName,enableSMB1Protocol}} # Check W2K8 Servers Get-ADComputer -Fil {OperatingSystem -Like "Windows *Server*2008*" -and Enabled -eq $true} | % {icm -cn $_.Name -EA 0 {gp "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" |?{$_.SMB1 -eq "0"}|select PSComputerName, SMB1}}I'll apply a GPO to disable it and thanks again for the help
sounds good.
And would you please help to mark the appropriate reply as answer, so others could get the solution quickly.
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 5, 2017 8:49 AM
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].