Last active
December 9, 2017 00:03
-
-
Save RomelSan/3626f0765267f0043afc26d462ee2816 to your computer and use it in GitHub Desktop.
SMB v3 basic security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SMB Security v0.3 | |
# By Romel Vera (https://www.github.com/RomelSan) | |
# Enforce SMB v3 basic security | |
# License: MIT | |
# Build: December 8, 2017 | |
# Check SMB Server Configuration: | |
Get-SmbServerConfiguration | | |
select EnableSMB1Protocol, EnableSMB2Protocol, EncryptData, RejectUnencryptedAccess, RequireSecuritySignature | |
# Disabling SMB 1.0 | |
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
# Enabling Encryption | |
Set-SmbServerConfiguration -EncryptData $true -Force | |
# Rejecting Unencrypted Access (Turning this "ON" slows transfers about 10% to 15%) (Turn this on if you want security) | |
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force | |
# Enabling Secure Signature (Superseeded by encryption) | |
Set-SmbServerConfiguration -EnableSecuritySignature $true -Force | |
# Require Secure Signature (Superseeded by encryption) (Leave this off) (Turning this "ON" slows transfers about 10% to 15%) | |
Set-SmbServerConfiguration -RequireSecuritySignature $false -Force | |
#--------------------------------------------------------------- | |
# Check SMB Client Configuration: | |
Get-SmbClientConfiguration | | |
select EnableSecuritySignature, RequireSecuritySignature, EnableInsecureGuestLogons | |
# Disable SMB v1 | |
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | |
# Enable Secure Signature (Superseeded by encryption) | |
Set-SmbClientConfiguration -EnableSecuritySignature $true -Force | |
# Require Secure Signature (Superseeded by encryption)(Leave this off) (Turning this "ON" slows transfers about 10% to 15%) | |
Set-SmbClientConfiguration -RequireSecuritySignature $false -Force | |
# Disable Insecure Logons | |
Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment