Disabling SMBv1 with Intune
Question
Hello friends, I need guidance from anyone who has disabled SMBv1 with Intune.
I have tried creating the following custom profile using OMA-URI options, but no luck:
Setting One:
Name: ConfigureSMBV1ClientDriver
OMA-URI: ./Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
Data type: string
Value:
<enabled/>
<data id="Pol_SecGuide_SMB1ClientDriver" value="4"/>
Setting Two:
Name: ConfigureSMBV1Server
OMA-URI: ./Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
Data type: string
Value: <disabled/>
Problem statement: These settings are applied successfully, but if someone manually enables SMBv1, or if it is already enabled, then the Intune policy does not help. Any advice or workaround to permanently disable this?
PowerShell used for this testing:
• Detect: Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
• Enable: Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
• Disable: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Answers ( 6 )
Hopefully there are some updates? Try to share the solution to help others in the community.
I think it is better to raise a support case if you don’t find an auto-remediation option… I don’t see much documentation around this.
Please check the points Jitesh mentioned above.
You need an auto remediation option for these policies.
I don’t know whether this is in place for all CSPs, but you can try to find out whether this works for the particular CSP which you mentioned above.
Or else you need to come up with some other logic to ensure that it is going to get remediated, using a scheduled task or something else.
Exactly, I need an auto-remediation option either for CSP or Administrative Templates.
Unfortunately, I could not find anything.
Hello Manav, thanks for providing extensive details.
– Have you tried to check the behavior by disabling it manually through PS on those machines?
– With Intune, is it making the enable\disable registry entries? Did you also verify from the command line?
Hey Jitesh,
I have tried all the possible options to test it, as by default the SMBv1 feature is disabled.
Test case: Intune setting applied (CSP / Administrative Template) to SMBv1, device status as disabled.
After manually enabling it via the feature or even via the command line, the end result is that SMBv1 is enabled, the policy status shows successful, and the registry changes are validated as well:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\MSSecurityGuide\ConfigureSMBV1ClientDriver
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\MSSecurityGuide\ConfigureSMBV1Server
Verification registry path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\MSSecurityGuide
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1=0
Everything is in place, but when enabling SMB1, it gets enabled and is not disabled automatically.
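
One way to build the "other logic" a reply suggests (a recurring check that re-disables SMBv1 when it drifts), as an added example that is not part of the original thread. It uses only the cmdlets and the `LanmanServer\Parameters\SMB1` value quoted above; the function name `Get-Smb1Drift`, the `-Remediate` switch and the assumption that it runs elevated on a Windows client (for example as SYSTEM from a scheduled task) are illustrative.

```powershell
# Added example (not from the thread). Assumes an elevated context on a Windows
# client, e.g. SYSTEM in a scheduled task. Get-Smb1Drift and -Remediate are
# illustrative names.
[CmdletBinding()]
param([switch]$Remediate)   # without the switch the script only reports

$FeatureName = 'SMB1Protocol'
$ServerKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Drift {
    $drift = @()

    # Optional feature: only Disabled / DisabledWithPayloadRemoved count as compliant.
    $state = [string](Get-WindowsOptionalFeature -Online -FeatureName $FeatureName).State
    if ($state -notin 'Disabled', 'DisabledWithPayloadRemoved') {
        $drift += "feature $FeatureName is '$state'"
    }

    # Server side: the value the thread checks, SMB1=0. A missing value is
    # treated as drift so that it is written explicitly.
    $smb1 = (Get-ItemProperty -Path $ServerKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($smb1 -ne 0) {
        $drift += "LanmanServer SMB1 is '$smb1', expected 0"
    }
    return $drift
}

$drift = @(Get-Smb1Drift)
if ($drift.Count -eq 0) {
    Write-Output 'Compliant: SMBv1 is disabled.'
    exit 0
}

$drift | ForEach-Object { Write-Output "Drift: $_" }
if (-not $Remediate) { exit 1 }   # detection only: non-zero signals drift

# Same cmdlet the thread uses to disable; -NoRestart defers the reboot.
Disable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart | Out-Null
Set-ItemProperty -Path $ServerKey -Name SMB1 -Value 0 -Type DWord
Write-Output 'Remediated: SMBv1 feature disabled and SMB1=0 set; restart to complete.'
exit 0
```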