1

Regarding recent WannaCrypt’ incident:

  • is it possible to use SCOM to check if SMB1 is enabled? I can see SMB State as part of the File Services MP, but not version. I guess a PowerShell task would do it, but I imagine that pretty much all our servers with SMB enable will have version 1.
  • Is there any way to check for installed hotfixes – I’m assuming not, but we don’t have SCCM agent on our servers and they’re not all pointing at WSUS.
  • Will disabling SMB1 on SCOM Management Servers have any impact on SCOM?
astonpa commented
    • Thanks all. I've created a Task to check SMB version. Using Kevin Holman's 'execute any PowerShell' that's part of his Agent Management MP, I can check for the following to see if the hotfix has been installed: Windows 2012 R2 Get-WmiObject -class "win32_quickfixengineering" | where-object {$_.HotFixID -eq "KB4019215"} Windows 2008 R2 Get-WmiObject -class "win32_quickfixengineering" | where-object {$_.HotFixID -eq "KB4012212"} Windows 2008 Get-WmiObject -class "win32_quickfixengineering" | where-object {$_.HotFixID -eq "KB4012598"} I've disabled SMB1 across my SCOM Management Group and everything is… Continue reading