Server - SMB Protocols: some useful information



Consider that on every Windows OS there are two services (one is needed to connect to remote shares, the other is needed to publish shares):
  1. Client side (LanmanWorkstation)
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
  2. Server side (LanmanServer)
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer

Here are some useful commands:

Get-Service Lanman*
Get-SmbShare
Get-Service LanmanServer -DependentServices

To log any SMB 1.0 access on the file server, enable auditing with the PowerShell command below:

Set-SmbServerConfiguration -AuditSmb1Access $True -Force

In Event Viewer the logs are located here:

Applications and Services Logs > Microsoft > Windows > SMBServer > Audit

EventID 3000 

To view the events using PowerShell, use:

Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit | Out-GridView

To check whether SMB 1.0 is enabled:

Get-SmbServerConfiguration | select EnableSMB1Protocol

If you want to see which SMB versions your clients are using:

Get-SmbSession | select ClientComputerName, ClientUserName, NumOpens, Dialect

Dialect is the column that indicates the SMB version.
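
An added example (not part of the original article): a PowerShell function that groups the EventID 3000 audit records by client, so you can see which machines still connect with SMB 1.0. The function name Get-Smb1ClientSummary, the "Client Address:" message layout and the sample events are assumptions constructed for illustration.

```powershell
function Get-Smb1ClientSummary {
    [CmdletBinding()]
    param(
        # Objects exposing TimeCreated and Message, such as Get-WinEvent output
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject
    )
    begin { $seen = @{} }
    process {
        # Assumption: the event text contains a "Client Address: <value>" line
        if ($InputObject.Message -match 'Client Address:\s*(\S+)') {
            $client = $Matches[1]
            $when   = $InputObject.TimeCreated
            if (-not $seen.ContainsKey($client)) {
                $seen[$client] = [pscustomobject]@{
                    Client = $client; Events = 0; FirstSeen = $when; LastSeen = $when
                }
            }
            $entry = $seen[$client]
            $entry.Events++
            if ($when -lt $entry.FirstSeen) { $entry.FirstSeen = $when }
            if ($when -gt $entry.LastSeen)  { $entry.LastSeen  = $when }
        } else {
            Write-Warning "No client address in event from $($InputObject.TimeCreated)"
        }
    }
    # Busiest SMB1 clients first
    end { $seen.Values | Sort-Object -Property Events -Descending }
}

# Constructed sample events (not real log data) so the function runs offline
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-03-01T08:15:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.10" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-03-01T09:40:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.25" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-03-02T07:05:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.10" }
)
$sample | Get-Smb1ClientSummary | Format-Table -AutoSize

# On a file server with AuditSmb1Access enabled, read the real log instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } |
#     Get-Smb1ClientSummary
# Cross-check against live sessions still negotiating an SMB1 dialect:
# Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
#     Select-Object ClientComputerName, ClientUserName, Dialect
```

A client list that stays empty over a representative period is the signal that SMB 1.0 can be turned off without breaking anyone.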

End-to-end encryption can be enabled for a single share:

Set-SmbShare -Name Projects$ -EncryptData $True -Force

and for the entire file server:

Set-SmbServerConfiguration -EncryptData $True -Force

Meanwhile, Microsoft is not going to support SMB 1 on Windows 11 due to well-known security problems (the driver and DLL would not be included).

