Get-SMBStatus.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
<#
.Synopsis
Determine if SMB client and server protocols are enabled or disabled.
.DESCRIPTION
Determine if SMB client and server protocols are enabled or disabled.
.NOTES
Created by: Jason Wasser @wasserja
Modified: 6/6/2017 09:22:38 AM
.PARAMETER ComputerName
Enter a computer name or list of computer names to check SMB status.
.PARAMETER Credential
Provide a PScredential object to access the remote computer.
.EXAMPLE
Get-SMBStatus -ComputerName SERVER01
 
ComputerName : SERVER01
SMB1ServerStatus : Disabled
SMB2ServerStatus : Enabled
SMB3ServerStatus : Enabled
SMB1ClientStatus : Disabled
 
.EXAMPLE
Get-SMBStatus -ComputerName server02 -Credential $Credential
 
ComputerName : SERVER02
SMB1ServerStatus : Disabled
SMB2ServerStatus : Enabled
SMB3ServerStatus : Unsupported
SMB1ClientStatus : Disabled
 
.LINK
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
.LINK
https://gallery.technet.microsoft.com/scriptcenter/Get-SMB1Status-8ecede0e
.LINK
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
#>

function Get-SMBStatus {
    [CmdletBinding()]
    param (
    [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   ValueFromPipeline=$true,
                   Position=0)]
    [string[]]$ComputerName = $env:COMPUTERNAME,
    [System.Management.Automation.PSCredential]$Credential = [System.Management.Automation.PSCredential]::Empty
    )


    begin {
        
        #region Get-SMBServerStatus
        # Helper function to get the SMB Server status for each applicable version
        function Get-SMBServerStatus {
            
            $VerbosePreference = 'Continue'
            
            #region Get-SMBServerRegistry
            # Helper function to get the SMB Server status from the registry for each version.
            function Get-SMBServerRegistry {
            param (
                [ValidateSet('SMB1','SMB2','SMB3')]
                [string]$SMBVersion
                )
                try {
                    $ErrorActionPreference = 'Stop'
                    $SMBServerRegistry = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Name $SMBVersion
                                    
                    # Evaluating SMB version Server status
                    if ($SMBServerRegistry.$SMBVersion -eq 0) {
                        Write-Verbose "$SMBVersion registry key exists and is set to 0."
                        $SMBServerRegistryStatus = 'Disabled'
                        }
                    elseif ($SMBServerRegistry.$SMBVersion -eq 1) {
                        Write-Verbose "$SMBVersion registry key exists and is set to 0."
                        $SMBServerRegistryStatus = 'Enabled'
                        }
                    else {
                        Write-Verbose "$SMBVersion registry key is null."
                        $SMBServerRegistryStatus = $null
                    }
                    
                    $SMBServerRegistryStatus
                }
        
                catch {
                    Write-Verbose -Message "$SMBVersion key value not found on $env:COMPUTERNAME."
                    $SMBServerRegistryStatus = 'Enabled'
                    $SMBServerRegistryStatus
                    }
                }
            #endregion
            
            # Get operating system version to check for supported SMB server versions
            $OS = Get-WmiObject -Class win32_operatingsystem
            Write-Verbose "$($env:COMPUTERNAME) is running $($OS.Caption) version $($OS.Version)."
            if ([version]$OS.version -ge [version]'6.0' -and [version]$OS.version -lt [version]'6.2') {
                # SMB1 supported
                $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1
                # SMB2 supported
                $SMB2ServerStatus = Get-SMBServerRegistry -SMBVersion SMB2
                # SMB3 unsupported
                $SMB3ServerStatus = 'Unsupported'
                }
            elseif ([version]$OS.version -ge [version]'6.2') {
                # SMB1 supported
                $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1
                # SMB2 supported
                $SMB2ServerStatus = Get-SMBServerRegistry -SMBVersion SMB2
                # SMB3 supported
                $SMB3ServerStatus = Get-SMBServerRegistry -SMBVersion SMB3
                }
            else {
                # SMB1 supported
                $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1
                # SMB2 unsupported
                $SMB2ServerStatus = 'Unsupported'
                # SMB3 unsupported
                $SMB3ServerStatus = 'Unsupported'
                }
            
            $SMBServerStatusProperties = @{
                    SMB1ServerStatus = $SMB1ServerStatus
                    SMB2ServerStatus = $SMB2ServerStatus
                    SMB3ServerStatus = $SMB3ServerStatus
                }
            $SMBServerStatus = New-Object -TypeName PSCustomObject -Property $SMBServerStatusProperties
            $SMBServerStatus
            }
        #end region

        #region Get-SMB1ClientStatus
        function Get-SMB1ClientStatus {
            try {
                $SMB1ClientServiceDependency = Get-Service -name LanManWorkstation -RequiredServices -ErrorAction Stop | Where-Object -FilterScript {$_.Name -eq 'MrxSmb10'}
                if ($SMB1ClientServiceDependency) {
                    $SMB1ClientStatus = 'Enabled'
                    }
                else {
                    $SMB1ClientStatus = 'Disabled'
                    }
                $SMB1ClientStatus
                }
            catch {
                $SMB1ClientStatus = $null
                $SMB1ClientStatus
                }
            }
        #endregion

    }

    process {
        foreach ($Computer in $ComputerName) {
            try {
                Write-Verbose -Message "Checking SMB status for $Computer"
                $Session = New-PSSession -ComputerName $Computer -ErrorAction Stop -Credential $Credential
                $SMBServerStatus = Invoke-Command -ScriptBlock ${function:Get-SMBServerStatus} -Session $Session
                $SMB1ClientStatus = Invoke-Command -ScriptBlock ${function:Get-SMB1ClientStatus} -Session $Session
                Remove-PSSession -Session $Session

                $SMBStatusProperties = [ordered]@{
                    ComputerName = $Computer
                    SMB1ServerStatus = $SMBServerStatus.SMB1ServerStatus
                    SMB2ServerStatus = $SMBServerStatus.SMB2ServerStatus
                    SMB3ServerStatus = $SMBServerStatus.SMB3ServerStatus
                    SMB1ClientStatus = $SMB1ClientStatus
                    }
                $SMBStatus = New-Object -TypeName pscustomobject -Property $SMBStatusProperties
                $SMBStatus

                }
            catch {
                Write-Error $Error[0].ErrorDetails
                return
                }
            }
        }
    end {}
    }