SMBv1 Solutions

WannaCry

It’s been weeks since the #WannaCry #WannaCrypt ransomware hit thousands of computers across the internet. If you have been regularly patching your systems, you would have been covered by the March 2017 update. The malware exploited a vulnerability in the legacy SMB version 1 protocol to propagate across the network once a machine was infected. Security experts, and even Microsoft, have been calling for the disabling and/or removal of the SMBv1 protocol from Windows environments for quite some time.

A Little History

Introduced with Windows XP, the SMBv1 protocol has been installed and enabled by default on all Windows operating systems for backwards compatibility. SMB version 2 was introduced with Windows Vista/Windows Server 2008 adding additional security and performance. SMB version 3 was introduced with Windows 8/Windows Server 2012 adding even more performance and availability options.

But First…

Disabling SMBv1 across an enterprise is no small feat. There’s a process to follow, and there’s research that needs to be done ahead of time. There are basically three hang-ups that can keep you from disabling SMBv1 across the board:

  • Windows XP and Windows Server 2003 boxes still hanging around the network. You REALLY need to get rid of them.
  • Linux servers, appliances, or devices that share or access data over SMBv1. Check with your vendors on supporting SMB 2.
  • Network scanners or multi-function printers that scan to file servers using SMBv1. See if they can be reconfigured or updated to support SMB 2.

Do the work to identify these gotchas so that you can know where you can and can’t proceed with disabling the legacy protocol.

Tip

Note that when disabling the SMBv1 protocol you need to disable both the server-side (I’m sharing files with you) and client-side (you’re sharing files with me) of the protocol.

Get It Done!

Your route to disabling SMBv1 depends on the tools at your disposal.

1. Batch files and psexec

 

2. Group Policy: https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/

or

https://blogs.technet.microsoft.com/secguide/2017/06/15/disabling-smbv1-through-group-policy/

3. SCCM: https://alexpooleyblog.wordpress.com/2017/03/09/disabling-smb1-via-configmgr-desired-state-configuration-dsc/

I wrote a PowerShell tool called Get-SmbStatus to gather the SMB protocols that are enabled/disabled on a Windows computer. You can use this tool for discovery before and/or after you make your changes.

Example:

You can pick up the PowerShell function Get-SmbStatus at the Technet Script Repository.
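A discovery check for both halves named in the tip above, server side and client side, is sketched below. This is an added example, not the author's Get-SmbStatus; the function name Test-Smb1State is hypothetical, and it assumes PowerShell 3.0 or later running elevated on the computer being checked.

```powershell
# Added example (not the author's Get-SmbStatus). Test-Smb1State is a hypothetical name.
# Assumes PowerShell 3.0 or later, run elevated on the computer being checked.
function Test-Smb1State {
    [CmdletBinding()]
    param()

    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Server side ("I'm sharing files with you").
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        $serverEnabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: SMBv1 is on unless an explicit SMB1 = 0 value exists.
        $p = Get-ItemProperty "$svc\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue
        $serverEnabled = ($null -eq $p) -or ($p.SMB1 -ne 0)
    }

    # Client side ("you're sharing files with me"): the mrxsmb10 driver.
    # Start = 4 means disabled; a missing key means the driver is not installed.
    $drv = Get-ItemProperty "$svc\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $clientEnabled = ($null -ne $drv) -and ($drv.Start -ne 4)

    # LanmanWorkstation should not list MRxSmb10 as a dependency once the driver is off.
    $ws = Get-ItemProperty "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue
    $stillDepends = ($null -ne $ws) -and ($ws.DependOnService -contains 'MRxSmb10')

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        Smb1ServerEnabled        = $serverEnabled
        Smb1ClientEnabled        = $clientEnabled
        WorkstationDependsOnSmb1 = $stillDepends
        Smb1FullyDisabled        = -not ($serverEnabled -or $clientEnabled -or $stillDepends)
    }
}

Test-Smb1State
```

For discovery across many machines, run the function through PowerShell remoting with Invoke-Command and collect the returned objects.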

DEV Intersection Conference

DEV Intersection

Last month I had the privilege to attend the DEV Intersection conference in Orlando, FL. Being an infrastructure engineer, I stuck to the IT Transformation track, which was stocked with great speakers and sessions. The general focus of the sessions and keynotes was utilizing Microsoft (and others’) technologies to move towards DevOps-oriented processes. I was additionally grateful for the workshops focusing on leveraging Visual Studio Team Services with Visual Studio Code to write PowerShell infrastructure as code, taught by Jeffrey Snover, Don Jones, and Michael Greene. They convinced me to finally switch to using Code as my PowerShell editor.

Another highlight of the conference was Jeffrey Snover’s keynote on the impending release of Azure Stack. He presented the value proposition of businesses and service providers being able to provide a subset of Azure services in places where the Azure public cloud doesn’t yet make sense. I really think this is more game-changing than most people realize and will put Microsoft in a unique position to help businesses transition to the “cloud” both in architecture and destination.

For years I have been listening to podcasts, reading blogs, and watching training videos, and it was a real treat to finally meet some of these people in person, shake their hand, and thank them for their influence on my career.

People I’m glad to have met:
Jeffrey Snover
Don Jones
Orin Thomas
Tim Warner
Michael Greene
John Savill
Steven Murawski
Rich Campbell

I would definitely go to the DEV Intersection conference again (if/when it comes back to the Southeast). The next conference is October 31-November 2, 2017 in Las Vegas.

Disk Inventory with PowerShell

Hard Drive

Almost every time I write a PowerShell script, tool, or module, it is to scratch an itch that I have. The Get-DiskInventory script is not new to me, but I have recently published it because I saw others needed the same type of tool.

Get-DiskInventory gets a list of disks (really volumes) on a local or remote computer and displays their drive letter, name, free space, capacity, used space, and % free. While new operating systems have Get-Volume, sometimes you need a tool to work with those “legacy” operating systems such as Windows Server 2008 R2.

Get-DiskInventory leverages Get-WmiObject to gather the necessary information and is compatible across all versions of Windows client and server.

Examples:

Get your copy now from the TechNet Script repository.
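The approach described above, Get-WmiObject producing the listed columns, can be sketched as follows. This is an added example, not the author's Get-DiskInventory; the function name Get-VolumeUsage and the choice of the Win32_LogicalDisk class are assumptions, and it is written to run on Windows PowerShell 2.0 so it works on Windows Server 2008 R2.

```powershell
# Added example (not the author's Get-DiskInventory). Get-VolumeUsage is a hypothetical name.
# Assumption: Win32_LogicalDisk is queried; DriveType 3 limits results to local fixed disks.
function Get-VolumeUsage {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                $disks = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=3' `
                    -ComputerName $computer -ErrorAction Stop
            } catch {
                # Unreachable or access-denied hosts are reported and skipped.
                Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
                continue
            }
            foreach ($d in $disks) {
                # Guard against division by zero on volumes that report no size.
                $pctFree = if ($d.Size -gt 0) {
                    [math]::Round(100 * $d.FreeSpace / $d.Size, 1)
                } else { $null }

                # New-Object keeps the function usable on PowerShell 2.0.
                New-Object PSObject -Property @{
                    ComputerName = $computer
                    Drive        = $d.DeviceID
                    Name         = $d.VolumeName
                    FreeGB       = [math]::Round($d.FreeSpace / 1GB, 2)
                    CapacityGB   = [math]::Round($d.Size / 1GB, 2)
                    UsedGB       = [math]::Round(($d.Size - $d.FreeSpace) / 1GB, 2)
                    PercentFree  = $pctFree
                } | Select-Object ComputerName, Drive, Name, FreeGB, CapacityGB, UsedGB, PercentFree
            }
        }
    }
}

Get-VolumeUsage | Format-Table -AutoSize
```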