Resources: Handling SMB v1 in Managed Environments with Group Policy

Learn the background behind SMB vulnerabilities in Windows and how you can deal with it in your organization.

Richard Hay, Senior Content Producer

May 26, 2017

2 Min Read
Resources: Handling SMB v1 in Managed Environments with Group Policy

There has been a lot of recent discussion about the Server Message Block (SMB) network file sharing protocol and its vulnerabilities which were used in the WannaCrypt ransomware attack which spread quickly after it was first detected earlier this month.

The situation was so severe that Microsoft even issued a security patch for Windows XP based systems which has been out of support since April 2014. While I am sure users appreciated that patch, it looks like Windows 7 was more vulnerable to this exploit than Windows XP users in the long run.

Microsoft has been talking about this SMB v1 vulnerability since at least last September and over on the "Stay Safe" Cyber Security Blog, Troy Arwine provides historical context about this issue including links to all of the related articles from MSDN and TechNet.

He also provides links to the security bulletin that was published back in March when the company patched the exploit and then the follow on content relating to the ransomware attack this month.

It is all excellent reading to learn about the entire situation however, there is a very practical side to his article as he provides enterprise customers with the steps necessary to disable SMB v1 using Group Policy and there are separate instructions on this process for both SMB v1 Server and Client.

While patching/disabling the SMB protocol on your servers and clients is important, do not forget to take a look at other file sharing hardware you might use on your network and make sure you upgrade firmware so that you can avoid this vulnerability in SMB v1. If your hardware does not support switching off SMB v1, like my Western Digital MyCloud device, than you should consider replacing that hardware on your network as soon as possible.

----------

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------------------------------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!

IT/Dev Connections

About the Author(s)

Richard Hay

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

See more from Richard Hay
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
byBrien Posey
Jul 19, 2024
5 Min Read
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?
byChristopher Tozzi
Jul 18, 2024
6 Min Read
robot and human fingers touching
Career Management
Employees Beginning to See Benefits of AI Autonomy in the WorkplaceEmployees Beginning to See Benefits of AI Autonomy in the Workplace
byNathan Eddy
Jul 3, 2024
4 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

hand touches red cube via HoloLens view alongside diagram showing the app deployment workflow
Digital Transformation
How To Deploy Your App on Microsoft HoloLens 2How To Deploy Your App on Microsoft HoloLens 2
ITPro Today Data Privacy Quick Reference Guide cover image
Data Privacy
Data Privacy Quick Reference GuideData Privacy Quick Reference Guide
screenshot of unity software and a text object with the words Hello World
Digital Transformation
How To Build Apps for HoloLens 2 DevicesHow To Build Apps for Hololens 2 Devices
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?