Regarding the recent WannaCrypt incident:
- Is it possible to use SCOM to check if SMB1 is enabled? I can see SMB State as part of the File Services MP, but not version. I guess a PowerShell task would do it, but I imagine that pretty much all our servers with SMB enabled will have version 1.
- Is there any way to check for installed hotfixes – I’m assuming not, but we don’t have SCCM agent on our servers and they’re not all pointing at WSUS.
- Will disabling SMB1 on SCOM Management Servers have any impact on SCOM?
Looking at the MP guide, it does not discover the version of SMB. MP guide can be downloaded here:
A monitor to check SMB version would be wise. PowerShell to check SMB version:
You could also create a task to disable SMB1 in the event you find it enabled:
Stop using SMB1:
You could also create a monitor that checks the registry:
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 = 0
1: Yes, you can create a simple MP with a discovery. Windows has SMB1 enabled by default.
2: Probably, but I haven't looked into how. If you are worried about the WannaCrypt vulnerability, MSFT released a patch for this in March(?)
3: Not that I know of.
To disable SMB1 from PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 0 -Force
You could also set this through GPO.
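Added example, not code from any poster in this thread: a sketch of the SMB1 check the replies describe, written so it can back a SCOM PowerShell script monitor or be run by hand. The function name and the property bag keys `Smb1State` and `Smb1Source` are assumptions chosen for illustration.

```powershell
# Added example: report the SMB1 *server* state on the local machine.
# Get-Smb1ServerState, 'Smb1State' and 'Smb1Source' are hypothetical names.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Prefer the SMB cmdlet where it exists (Windows Server 2012 / Windows 8 and later).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        $state = 'Disabled'
        if ($enabled) { $state = 'Enabled' }
        return [pscustomobject]@{ State = $state; Source = 'Get-SmbServerConfiguration' }
    }

    # Older systems: read the registry value mentioned in the thread.
    # A missing value means nothing was set explicitly and the OS default applies.
    $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $value) { $state = 'NotConfigured' }
    elseif ($value -eq 0) { $state = 'Disabled' }
    else                  { $state = 'Enabled' }
    [pscustomobject]@{ State = $state; Source = 'Registry' }
}

$result = Get-Smb1ServerState

try {
    # Inside a SCOM agent workflow: hand the result back as a property bag
    # so the monitor's health expressions can test Smb1State.
    $api = New-Object -ComObject 'MOM.ScriptAPI'
    $bag = $api.CreatePropertyBag()
    $bag.AddValue('Smb1State',  $result.State)
    $bag.AddValue('Smb1Source', $result.Source)
    $bag
}
catch {
    # No SCOM agent on this machine (for example, an ad hoc run): emit the plain object.
    $result
}
```

A monitor built on this would go unhealthy when `Smb1State` is `Enabled`; whether `NotConfigured` is treated as healthy is a policy choice, since on the registry path it means the operating system default is in effect.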