PowerShell Disable SMB V1

# ! ! ! ! Special Note: THIS IS ONLY FOR Windows 10 and 2016 Server ! ! ! !
# See below for other versions
# Used to manage SMB v1, which can be exploited

# -NoRestart is set, so the system will need a reboot at some point

#----Reverse Changes if Needed
# Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol


$SystemSMB = Read-Host "Enter Server Name"

Invoke-Command -ComputerName $SystemSMB -ScriptBlock {

    $Array1 = @()


    # SMB v1 (client and server) Detect: record the state before the change

    $InstallState1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object -ExpandProperty State

    $Array1 += "`n`n$Env:Computername - SMBv1 - $InstallState1`n`n"


    # SMB v1 (client and server) Disable (result captured in $Doit to keep it out of the output):

    $Doit = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

    # Record the state after the change
    $InstallState2 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object -ExpandProperty State

    $Array1 += "`n`n$Env:Computername - SMBv1 - $InstallState2`n`n"


    Return $Array1

}


Commands for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
These versions need different commands because the lanmanworkstation service has a startup dependency on SMBv1 by default, and that dependency has to be changed.
If it is not changed to allow another SMB version at startup, authentication can fail and you will not be able to log on.

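Show the current lanmanworkstation configuration, including its dependencies:

sc.exe qc lanmanworkstation

Disable SMBv1:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Re-enable SMBv1 (reverse changes if needed):

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto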
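
The dependency problem described above can be checked before the reboot. This is an added example, not part of the original script: the function names Get-Smb1ClientVerdict and Get-Smb1ClientState are hypothetical, and it assumes the two settings are read from the service registry keys under HKLM:\SYSTEM\CurrentControlSet\Services.

```powershell
# Added example, not the author's code. Classifies the SMBv1 client state on the
# legacy OSes from the two settings the sc.exe commands change.
function Get-Smb1ClientVerdict {
    param(
        [string[]]$DependOnService,  # lanmanworkstation dependency list
        [int]$MrxSmb10Start          # mrxsmb10 start type: 2 = auto, 4 = disabled
    )
    $needsSmb1 = $DependOnService -contains 'mrxsmb10'   # -contains ignores case
    $hasSmb2   = $DependOnService -contains 'mrxsmb20'
    $disabled  = ($MrxSmb10Start -eq 4)

    if ($disabled -and $needsSmb1) {
        # The case the page warns about: the Workstation service cannot start.
        return 'BROKEN: mrxsmb10 is disabled but lanmanworkstation still depends on it'
    }
    if (-not $hasSmb2) { return 'REVIEW: mrxsmb20 is missing from the dependency list' }
    if ($disabled)     { return 'OK: SMBv1 client disabled, dependency updated' }
    return 'EXPOSED: SMBv1 client driver is still enabled'
}

# Read the live values from the service registry keys, where sc.exe config stores them.
function Get-Smb1ClientState {
    $svc   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $deps  = (Get-ItemProperty "$svc\LanmanWorkstation").DependOnService
    $start = (Get-ItemProperty "$svc\mrxsmb10" -ErrorAction SilentlyContinue).Start
    if ($null -eq $start) { $start = 4 }   # assumption: no mrxsmb10 key means no SMBv1 driver
    New-Object PSObject -Property @{
        Computer      = $Env:Computername
        Dependencies  = ($deps -join '/')
        Mrxsmb10Start = $start
        Verdict       = Get-Smb1ClientVerdict -DependOnService $deps -MrxSmb10Start $start
    }
}

# Constructed inputs showing each outcome (no system access needed):
Get-Smb1ClientVerdict -DependOnService 'Bowser','MRxSmb10','MRxSmb20','NSI' -MrxSmb10Start 2
Get-Smb1ClientVerdict -DependOnService 'Bowser','MRxSmb10','MRxSmb20','NSI' -MrxSmb10Start 4
Get-Smb1ClientVerdict -DependOnService 'Bowser','MRxSmb20','NSI' -MrxSmb10Start 4

# On a target machine, run this after the sc.exe changes and before rebooting:
# Get-Smb1ClientState
```

A BROKEN verdict means the machine should not be rebooted until the lanmanworkstation dependency has been corrected.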



2020 | Scott W. Head  |  Sr. Systems Admin | Certified Microsoft Windows Server Administrator