Last active
May 18, 2017 11:14
-
-
Save stknohg/4c7747773dea5943dcdeb971cfa61c97 to your computer and use it in GitHub Desktop.
各OSでSMBv1を無効にする個人用メモ
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012 | |
| # 各OSのPowerShellから実行してね | |
| #---------------------------------------------------------------------------------- | |
| # Client OS | |
| #---------------------------------------------------------------------------------- | |
| # Windows 7 | |
| # disable SMB1 protorol(server) | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force | |
| # disable clinet | |
| Get-Service lanmanworkstation | Select-Object ServicesDependedOn | |
| sc.exe config lanmanworkstation depend= $(((Get-Service lanmanworkstation).ServicesDependedOn | Where-Object { $_.Name -ne 'MRxSmb10' } | Select-Object -ExpandProperty Name) -join '/') | |
| sc.exe config mrxsmb10 start= disabled | |
| # Windows 8 / Windows 8.1 / Windows 10 | |
| # disable SMB1 protorol(server) | |
| Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| # remove component | |
| Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | |
| Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | |
| #---------------------------------------------------------------------------------- | |
| # Server OS | |
| #---------------------------------------------------------------------------------- | |
| # Windows Server 2008R2 | |
| # disable SMB1 protorol(server) | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force | |
| # disable clinet | |
| Get-Service lanmanworkstation | Select-Object ServicesDependedOn | |
| sc.exe config lanmanworkstation depend= $(((Get-Service lanmanworkstation).ServicesDependedOn | Where-Object { $_.Name -ne 'MRxSmb10' } | Select-Object -ExpandProperty Name) -join '/') | |
| sc.exe config mrxsmb10 start= disabled | |
| # Windows Server 2012 | |
| # disable SMB1 protorol(server) | |
| Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| # disable clinet | |
| Get-Service lanmanworkstation | Select-Object ServicesDependedOn | |
| sc.exe config lanmanworkstation depend= $(((Get-Service lanmanworkstation).ServicesDependedOn | Where-Object { $_.Name -ne 'MRxSmb10' } | Select-Object -ExpandProperty Name) -join '/') | |
| sc.exe config mrxsmb10 start= disabled | |
| # Windows Server 2012 R2 / Windows Server 2016 | |
| # disable SMB1 protorol(server) | |
| Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol | |
| Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force | |
| # remove component | |
| Get-WindowsFeature -Name FS-SMB1 | |
| Remove-WindowsFeature -Name FS-SMB1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Windows 2008 Server用バッチ | |
| REM disable SMB1 protorol(server) | |
| reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v SMB1 /t REG_DWORD /d 0 /f | |
| REM disable clinet | |
| sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | |
| sc.exe config mrxsmb10 start= disabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' 一応VBScript版を作ったけど実環境では未検証... | |
| ' Windows 2008 Server用バッチ | |
| Set Shell = WScript.CreateObject("WScript.Shell") | |
| ' disable SMB1 protorol(server) | |
| Call Shell.RegWrite("HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1", 0, "REG_DWORD") | |
| ' disable clinet | |
| Set Network = CreateObject("WScript.Network") | |
| Set Service = GetObject("winmgmts:\\.\root\CIMV2") | |
| Set Items = Service.ExecQuery("SELECT * FROM Win32_DependentService WHERE Dependent = ""\\\\"+Network.ComputerName+"\\root\\CIMV2:Win32_Service.Name='LanmanWorkstation'""") | |
| i = 0 | |
| For Each item In Items | |
| Redim Preserve Depends(i) | |
| tempArray = Split(item.Antecedent, "=") | |
| tempService = Replace(tempArray(1), """", "") | |
| if (tempService <> "mrxsmb10") Then | |
| Depends(i) = tempService | |
| i = i + 1 | |
| End If | |
| Next | |
| ' wmiでやってもよいけど面倒なのでscコマンドで | |
| Shell.Exec("sc.exe config lanmanworkstation depend= " + Join(Depends, "/")) | |
| Shell.Exec("sc.exe config mrxsmb10 start= disabled") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment