RomelSan/SMB Security v0.3.ps1

## SMB Security v0.3.ps1
# SMB Security v0.3
# By Romel Vera (https://www.github.com/RomelSan)
# Enforce SMB v3 basic security
# License: MIT
# Build: December 8, 2017

# Check SMB Server Configuration:
Get-SmbServerConfiguration |
select EnableSMB1Protocol, EnableSMB2Protocol, EncryptData, RejectUnencryptedAccess, RequireSecuritySignature

# Disabling SMB 1.0
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Enabling Encryption
Set-SmbServerConfiguration -EncryptData $true -Force

# Rejecting Unencrypted Access (Turning this "ON" slows transfers about 10% to 15%) (Turn this on if you want security)
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

# Enabling Secure Signature (Superseeded by encryption)
Set-SmbServerConfiguration -EnableSecuritySignature $true -Force

# Require Secure Signature (Superseeded by encryption) (Leave this off) (Turning this "ON" slows transfers about 10% to 15%)
Set-SmbServerConfiguration -RequireSecuritySignature $false -Force

#---------------------------------------------------------------

# Check SMB Client Configuration:
Get-SmbClientConfiguration |
select EnableSecuritySignature, RequireSecuritySignature, EnableInsecureGuestLogons

# Disable SMB v1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# Enable Secure Signature (Superseeded by encryption)
Set-SmbClientConfiguration -EnableSecuritySignature $true -Force

# Require Secure Signature (Superseeded by encryption)(Leave this off) (Turning this "ON" slows transfers about 10% to 15%)
Set-SmbClientConfiguration -RequireSecuritySignature $false -Force

# Disable Insecure Logons
Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force
	# SMB Security v0.3
	# By Romel Vera (https://www.github.com/RomelSan)
	# Enforce SMB v3 basic security
	# License: MIT
	# Build: December 8, 2017

	# Check SMB Server Configuration:
	Get-SmbServerConfiguration \|
	select EnableSMB1Protocol, EnableSMB2Protocol, EncryptData, RejectUnencryptedAccess, RequireSecuritySignature

	# Disabling SMB 1.0
	Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

	# Enabling Encryption
	Set-SmbServerConfiguration -EncryptData $true -Force

	# Rejecting Unencrypted Access (Turning this "ON" slows transfers about 10% to 15%) (Turn this on if you want security)
	Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

	# Enabling Secure Signature (Superseeded by encryption)
	Set-SmbServerConfiguration -EnableSecuritySignature $true -Force

	# Require Secure Signature (Superseeded by encryption) (Leave this off) (Turning this "ON" slows transfers about 10% to 15%)
	Set-SmbServerConfiguration -RequireSecuritySignature $false -Force

	#---------------------------------------------------------------

	# Check SMB Client Configuration:
	Get-SmbClientConfiguration \|
	select EnableSecuritySignature, RequireSecuritySignature, EnableInsecureGuestLogons

	# Disable SMB v1
	Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

	# Enable Secure Signature (Superseeded by encryption)
	Set-SmbClientConfiguration -EnableSecuritySignature $true -Force

	# Require Secure Signature (Superseeded by encryption)(Leave this off) (Turning this "ON" slows transfers about 10% to 15%)
	Set-SmbClientConfiguration -RequireSecuritySignature $false -Force

	# Disable Insecure Logons
	Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force