Consider that on each Win O.S. there are two services (one is necessary to connect to remote shares, other one is necessary to publish shares): - Client (LanmanWorkstation)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation - Server side (LanmanServer)
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
Here they are some useful commands:
Get-Service Lanman*
Get-SmbShare
Get-Service LanmanServer -DependentServices
To log any if SMB 1.0 protocol is enabled on file server you must use below powershell command
Set-SmbServerConfiguration -AuditSmb1Access $True -Force
On eventviewer logs are here located:
Applications and Services Logs > Microsoft > Windows > SMBServer > Audit
EventID 3000
to view events using powershell you must use:
Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit | Out-GridView
to view if SMB 1.0 is enabled
Get-SmbServerConfiguration | select EnableSMB1Protocol
If you want to see which SMB versions are using your clients
Get-SmbSession | select ClientComputerName, ClientUserName, NumOpens, Dialect
Dialect is correct column indicating SMB version
There are possibilities to encrypt End-to-End encryption, for single share:
Set-SmbShare -Name Projects$ -EncryptData $True -Force
and for entirely file server
Set-SmbServerConfiguration –EncryptData $True -Force
Meanwhile Microsoft is going to not support, SMB 1 on Windows 11 due to well known security problems. (driver and DLL would not be included)
[original article]
