Disabling SMBv1 PowerShell via GPO

Tech Man
Tech Man used Ask the Experts™
on
Hi, I am trying to disable SMBv1 using PowerShell via GPO.
I have two cmdlets:
- one for Windows 8, Windows Server 2012

Set-SmbServerConfiguration -EnableSMB1Protocol $false

-Socond for Windows 7, Windows Server 2008
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force


Please give me some ideas on how to run it once on each machine. Technically check if this applied or not. If yes do not do anything, if no apply the cmdlet.

Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Just run the latter command anywhere, it works on ALL Microsoft OS'.
There is no need to distinguish "has it been done already or not" - that is useless. Just do it, configure that line as part of your domain startup script or deploy the registry key via group policy preferences. If you need further help with these instructions, just say.
Senior Systems Admin
Top Expert 2010
Commented:
Personally, I'd rather uninstall SMBv1 components entirely. https://acbrownit.com/2017/05/15/protect-yourself-from-the-wannacrypt-ransomware/
Tech ManInformation Technology

Author

Commented:
I liked the idea of uninstalling the feature completely using :
WindowsOptionalFeature -Online -FeatureName smb1protocol

What would be the best approach to do it in bulk for all workstations?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Distinguished Expert 2018
Commented:
Again using a startup script.
powershell Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
would be batch code.
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
would be powershell code for this.
But this would not restart the computer to  complete the process, so you would need to force a restart as well using the shutdown command.
Tech ManInformation Technology

Author

Commented:
Thank you for the reply, How would I run PowerShell Cmdlet as Administrator using GPO? In my script i dont want to specify admin's password in a plain text.

Thanks
Distinguished Expert 2018

Commented:
Tech Man, startup scripts are executed as system account and run with every possible privilege. No need to use the admin account.
Refer to https://support.microsoft.com/en-us/help/556007 for the GPO paths and further info.
Distinguished Expert 2018

Commented:
Any further questions? If not, please close this question by selecting helpful comments as solutions.
Distinguished Expert 2018

Commented:
No doubt that the ways described will work.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial