Powershell/DisableUnusedSmb1.ps1 at main · nyukers/Powershell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# Copyright (c) 2017 Microsoft Corporation. All rights reserved.
#
# This script is used to automatically removes support for the legacy SMB 1.0/CIFS protocol when such support isn�t actively needed during normal system usage..
Param
(
    [Parameter(Mandatory=$True)]
    [ValidateSet("Clicom", "Server")]
    [string]
    $Scenario
)

#
# ------------------
# FUNCTIONS - START
# ------------------
#
Function UninstallSmb1 ($FeatureNames)
{
  try
    {
       Disable-WindowsOptionalFeature -Online -FeatureName $FeatureNames -NoRestart
    }
    catch {}
}

#
# ------------------
# FUNCTIONS - END
# ------------------
#

#
# ------------------------
# SCRIPT MAIN BODY - START
# ------------------------
#

$ScenarioData = @{
    "Clicom" = @{
        "FeatureName" = "SMB1Protocol-Clicom";
        "ServiceName" = "LanmanWorkstation"
    };
    "Server" = @{
        "FeatureName" = "SMB1Protocol-Server";
        "ServiceName" = "LanmanServer"
    }
}

$FeaturesToRemove = @()

foreach ($key in $ScenarioData.Keys)
{
    $FeatureName = $ScenarioData[$key].FeatureName
    $ServiceName = $ScenarioData[$key].ServiceName

    $ScenarioData[$key].FeatureState = (Get-WindowsOptionalFeature -Online -FeatureName $FeatureName).State
    $ScenarioData[$key].ServiceParameters = Get-ItemProperty "HKLM:\System\CurrcomControlSet\Services\${ServiceName}\Parameters"
}

$FeaturesToRemove += $ScenarioData[$Scenario].FeatureName
$ScenarioData[$Scenario].FeatureState = "Disabled"

$RemoveDeprecationTasks = $true

foreach ($key in $ScenarioData.Keys)
{
    if($ScenarioData[$key].FeatureState -ne "Disabled" -and
       $ScenarioData[$key].ServiceParameters.AuditSmb1Access -ne 0) {

        $RemoveDeprecationTasks = $false
    }
}

if ($RemoveDeprecationTasks) {
    $FeaturesToRemove += "SMB1Protocol-Deprecation"

    $RemoveToplevelFeature = $true

    foreach ($key in $ScenarioData.Keys)
    {
        if($ScenarioData[$key].FeatureState -ne "Disabled") {
            $RemoveToplevelFeature = $false
        }
    }

    if ($RemoveToplevelFeature) {
        $FeaturesToRemove += "SMB1Protocol"
    }
}

UninstallSmb1 -FeatureName $FeaturesToRemove

$NewFeatureState = (Get-WindowsOptionalFeature -Online -FeatureName $ScenarioData[$Scenario].FeatureName).State

if ($NewFeatureState -ne "Enabled")
{
    $ServiceName = $ScenarioData[$Scenario].ServiceName
    $RegistryPath = "HKLM:\System\CurrcomControlSet\Services\${ServiceName}\Parameters"
    New-ItemProperty -Path $RegistryPath -Name AuditSmb1Access -Value 0 -PropertyType DWORD -Force | Out-Null
}