We help IT Professionals succeed at work.

WannaCry/SMBv1 and Windows Server 2003

21,786 Views
Last Modified: 2017-05-15
Hi, the client has Windows Server 2003 running on one server, it's the only server left on this old version. Everything else is 2012 R2. I am unable to do anything about it because the garbage ADP payroll software HandPunch will not run on anything newer.

Given the WannaCry malware issue this weekend, any way to disable SMBv1 on Server 2003? Can't find any guidance on this. It is not a DC, it's a virtualized server that exists solely for running the ADP software, so I'm hoping I can just disable SMBv1 and then go back to the client to talk about how crappy ADP software is.
Comment
Watch Question

Commented:
You could block smb at the firewall and rdp in to use ADP

Author

Commented:
An interesting idea that I never even thought of. RDP probably not needed in this case. I guess my question is then, does blocking SMB in the Windows firewall protect against the new malware infection? Microsoft's security announcement seemed to indicate that only removing SMBv1 was the option.

Author

Commented:
Actually cancel this request. I now see that it's possible to use the ADP software with Server 2008 R1 SP2. I'll just upgrade the OS to resolve this. Thanks.

Commented:
Either remove smb1, or block access to SMB ports (firewall) and the malware has no target.  simple short term fix until you can install on 2008.

Author

Commented:
Right, I'm trying to figure out how to remove SMBv1 on Server 2003. Not sure if that can be done, even.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
As per this site, 2003 ONLY does SMB1.  

https://blogs.technet.microsoft.com/josebda/2015/04/21/the-deprecation-of-smb1-you-should-be-planning-to-get-rid-of-this-old-smb-dialect/

I would just do as above to block it at the firewall.  If you try to disable SMB, then it could end up being unwittingly enabled again while doing other maintenance.

Author

Commented:
Just in case anyone else has this issue, they just released this today. Applies to XP and Server 2003.

https://www.engadget.com/2017/05/13/microsoft-windowsxp-wannacrypt-nhs-patch/
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.