As part of our ongoing efforts to warn the public about the Wanna Cry ransomware plague that is ravaging computer systems across the globe, the Computer Network Systems (CompNetSys) team is putting together educational articles such as this one to accurately describe ways you can fortify your business IT against the onslaught of pain being wielded by these criminals.
One of the defenses against Wanna Cry suggested by many IT professionals is to disable Server Message Block version 1 (SMBv1) in Windows and Windows Server.
Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.
Here are the instructions from Microsoft:
How to enable or disable SMB protocols on the SMB server
Windows 8 and Windows Server 2012
Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.
Notes When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.
You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.
- To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
- To disable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
- To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB2Protocol $false
- To enable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $true
- To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.
Windows PowerShell 2.0 or a later version of PowerShell
- To disable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
- To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force
- To enable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
- To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force
Note You must restart the computer after you make these changes.
Registry Editor
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To enable or disable SMBv1 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
To enable or disable SMBv2 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
How to enable or disable SMB protocols on the SMB client
Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
Note When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.
- To disable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
- To enable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
- To disable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
- To enable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
Notes
- You must run these commands at an elevated command prompt.
- You must restart the computer after you make these changes.
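To confirm the result of the server and client steps above, the following read-only check reports the state of each setting they change. It is an added example, not part of Microsoft's instructions; the function name Get-SmbHardeningState is hypothetical, and the service Start values (2 = auto, 3 = demand, 4 = disabled) are the standard Windows service registry values.

```powershell
# Added example: read-only check of the SMB settings this article changes.
# Works on PowerShell 2.0 and later. Registry values show the configured state;
# where a restart is required, the running state matches only after reboot.
function Get-SmbHardeningState {
    $services   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }

    # Server side: prefer the cmdlet (Windows 8 / Windows Server 2012 and later).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg  = Get-SmbServerConfiguration
        $srv1 = [bool]$cfg.EnableSMB1Protocol
        $srv2 = [bool]$cfg.EnableSMB2Protocol
    } else {
        # Older systems: an absent SMB1/SMB2 value means the default, 1 = Enabled.
        $p = Get-ItemProperty "$services\LanmanServer\Parameters" -ErrorAction SilentlyContinue
        $srv1 = ($p.SMB1 -ne 0)
        $srv2 = ($p.SMB2 -ne 0)
    }

    # Client side: start type of the SMBv1 and SMBv2/v3 redirector drivers.
    $drivers = @{}
    foreach ($name in 'mrxsmb10', 'mrxsmb20') {
        $k = Get-ItemProperty "$services\$name" -ErrorAction SilentlyContinue
        $drivers[$name] = if ($k) { $startNames[[int]$k.Start] } else { 'not installed' }
    }

    # Client side: does lanmanworkstation still list mrxsmb10 as a dependency?
    $ws   = Get-ItemProperty "$services\LanmanWorkstation" -ErrorAction SilentlyContinue
    $deps = @($ws.DependOnService)

    New-Object PSObject -Property @{
        ServerSMB1Enabled   = $srv1
        ServerSMB2Enabled   = $srv2
        ClientSMB1Driver    = $drivers['mrxsmb10']
        ClientSMB2Driver    = $drivers['mrxsmb20']
        ClientDependsOnSMB1 = ($deps -contains 'mrxsmb10')
    }
}

$state = Get-SmbHardeningState
$state | Format-List

$smb1Off = @('disabled', 'not installed') -contains $state.ClientSMB1Driver
if ($state.ServerSMB1Enabled -or -not $smb1Off -or $state.ClientDependsOnSMB1) {
    Write-Warning 'SMBv1 is still enabled on the server or client component.'
}
if (-not $state.ServerSMB2Enabled -or $state.ClientSMB2Driver -eq 'disabled') {
    Write-Warning 'SMBv2/SMBv3 is disabled; this should only be a temporary troubleshooting state.'
}
```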
Other important safeguards against Wanna Cry ransomware include backing up all your essential files and applications, running a respected antivirus program, and being careful not to open any email attachments that are from an unknown source.
Is your business prepared? Our cyber-security professionals are ready to help you fortify your business against this Wanna Cry ransomware onslaught.
Call us now at 866.205.8123 or send an email to support.staff@compnetsys.com for a cyber-security consultation.