Disabling SMBv1 with Intune

Question

Hello Friends, Need guidance if someone Disabled SMBv1 with Intune.

 

I have tried creating following custom profile using OMA-URI options but No luck:

Setting One:

Name: ConfigureSMBV1ClientDriver
OMA-URI: ./Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
Data type: string
Value:
<enabled/>
<data id=”Pol_SecGuide_SMB1ClientDriver” value=”4″/>

 

Setting Two:

Name: ConfigureSMBV1Server
OMA-URI: ./Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
Data type: string
Value: <disabled/>

 

Problem Statement: These setting getting applied successfully applied but if someone manually enabled or if its already enabled than Intune Policy not helping……..Any advise or workaround for permanent disable this.

PS use for these testing

• Detect: Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol
• Enable: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
• Disable: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

 

solved 0
Manav Kashyap 2020-05-29T03:19:16+05:30 6 Answers 1708 views Beginner
0

Answers ( 6 )

  2. Vidya M A
    0
    2022-03-17T17:13:34+05:30
    Reply

    Hopefully, are there any updates ? Try to share the solution to help others in the community.

  4. Anoop C Nair
    0
    2020-06-02T08:15:30+05:30
    Reply

    I think better to raise a support case if you don’t find out auto remediation option … I don’t see much documentation around this

    Best answer
  6. Anoop C Nair
    0
    2020-05-29T08:14:02+05:30
    Reply

    Pls check the points Jitesh mentioned above.

    You need an auto remediation option for these policies.

    I don’t know whether this is in place for all csps but you can try to find out whether this works the particular csp which you mentioned above

    Or else you need to come up with some other logic to ensure that is going get remediated using scheduled task or something else

  8. Jitesh Kumar
    1
    2020-05-29T07:32:32+05:30
    Reply

    Hello Manav, Thanks for providing extensive details.

    -Had you tried to check the behavior by disabling it manually through PS in those machines .
    – With Intune does it making enable\disable registry entries ? Did you also verified from command line.

    • Manav Kashyap
      0
      2020-06-02T07:38:54+05:30
      Reply

      Hey Jitesh,

      I have tried all the possible option to test it as by-default SMBv1 feature are disabled.

      Test Case: Intune Setting Applied (CSP/ Administrative Template) to SMBv1 Device status as disabled.
      Perform manually enabling it via feature or even via command-line and end-results SMBv1 enables, policy status shows successful, registry changes validated as well:
      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\MSSecurityGuide\ConfigureSMBV1ClientDriver
      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\MSSecurityGuide\ConfigureSMBV1Server

      verification registry path:
      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\MSSecurityGuide
      Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1=0

      Everything in-place, but when enabling SMB1, its enable but not disabling it automatically.

Leave an answer

Sorry, you do not have permission to answer to this question .