I've checked my environment and found that approximately 9 servers still have SMBv1 enabled, despite supporting SMBv2 and SMBv3 on all systems. The audit logs indicate almost no SMBv1 traffic over the past year, mostly just scanners or random transient connections. Before I disable SMBv1, I want to ensure that no production systems depend on it. What are the best steps or a quick checklist to confirm there won't be disruptions?
5 Answers
Another method is to monitor the traffic. Running Wireshark on those servers can help you filter for SMBv1 connections, giving you a clearer picture of what's still in play.
Make sure to check all your file shares on the servers. Sometimes, old devices like printers or NAS boxes might still be configured to use SMBv1. It could be beneficial to run some tests on the devices to see if they actually use that version.
You could try auditing SMBv1 usage first. According to the Microsoft documentation, set up those registry keys to log any connections from SMBv1 clients. This way, you can identify if any legacy devices are still trying to connect before disabling it.
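The audit-first approach above, as an added example (not code from this thread or from Microsoft's documentation). It uses the `Set-SmbServerConfiguration -AuditSmb1Access` switch instead of editing the registry directly, then summarises event ID 3000 from the `Microsoft-Windows-SMBServer/Audit` log per client. The server names, the 30-day window and the English "Client Address:" message text are assumptions.

```powershell
# Constructed host names: replace with the servers that still have SMBv1 enabled.
$servers = 'FS01', 'FS02'

# Step 1: enable SMB1 access auditing. SMBv1 itself stays on, so nothing breaks yet.
Invoke-Command -ComputerName $servers -ScriptBlock {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Get-SmbServerConfiguration |
        Select-Object @{n = 'Server'; e = { $env:COMPUTERNAME }}, EnableSMB1Protocol, AuditSmb1Access
}

# Step 2: after an observation window that covers month-end jobs, backups and
# scan-to-share devices, pull every SMB1 access event (ID 3000) from each server.
$since = (Get-Date).AddDays(-30)   # assumed window; adjust to your business cycle
$hits = Invoke-Command -ComputerName $servers -ArgumentList $since -ScriptBlock {
    param($since)
    # Get-WinEvent raises an error when nothing matches; an empty result is the good case here.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = $since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # Assumes English event text containing "Client Address: <ip>"
        $client = if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unparsed' }
        [pscustomobject]@{ Server = $env:COMPUTERNAME; Client = $client; Time = $_.TimeCreated }
    }
}

# Step 3: one row per server/client pair, so each client can be traced to an owner
# (scanner, printer, NAS, legacy application) before SMBv1 is switched off.
$hits | Group-Object Server, Client | ForEach-Object {
    $span = $_.Group | Measure-Object -Property Time -Minimum -Maximum
    [pscustomobject]@{
        Server    = $_.Group[0].Server
        Client    = $_.Group[0].Client
        Count     = $_.Count
        FirstSeen = $span.Minimum
        LastSeen  = $span.Maximum
    }
} | Sort-Object Server, Count -Descending | Format-Table -AutoSize

# Step 4 (only once every remaining client is explained or remediated):
# Invoke-Command -ComputerName $servers { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
```

Clients that show up only as known vulnerability scanners can be excluded from the list; anything else is a dependency to migrate or retire first.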
A straightforward approach is to turn off SMBv1 and see if anything breaks. If nobody complains after a while, you're probably in the clear!
Ultimately, just disable it. If you do it and nothing fails after a couple of hours, the likelihood of needing SMBv1 again is pretty low. But if something urgent does come up, you can always re-enable it temporarily.
