Get-SMBStatus.ps1
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 |
<#
.Synopsis Determine if SMB client and server protocols are enabled or disabled. .DESCRIPTION Determine if SMB client and server protocols are enabled or disabled. .NOTES Created by: Jason Wasser @wasserja Modified: 6/6/2017 09:22:38 AM .PARAMETER ComputerName Enter a computer name or list of computer names to check SMB status. .PARAMETER Credential Provide a PScredential object to access the remote computer. .EXAMPLE Get-SMBStatus -ComputerName SERVER01 ComputerName : SERVER01 SMB1ServerStatus : Disabled SMB2ServerStatus : Enabled SMB3ServerStatus : Enabled SMB1ClientStatus : Disabled .EXAMPLE Get-SMBStatus -ComputerName server02 -Credential $Credential ComputerName : SERVER02 SMB1ServerStatus : Disabled SMB2ServerStatus : Enabled SMB3ServerStatus : Unsupported SMB1ClientStatus : Disabled .LINK https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ .LINK https://gallery.technet.microsoft.com/scriptcenter/Get-SMB1Status-8ecede0e .LINK https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012 #> function Get-SMBStatus { [CmdletBinding()] param ( [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, ValueFromPipeline=$true, Position=0)] [string[]]$ComputerName = $env:COMPUTERNAME, [System.Management.Automation.PSCredential]$Credential = [System.Management.Automation.PSCredential]::Empty ) begin { #region Get-SMBServerStatus # Helper function to get the SMB Server status for each applicable version function Get-SMBServerStatus { $VerbosePreference = 'Continue' #region Get-SMBServerRegistry # Helper function to get the SMB Server status from the registry for each version. function Get-SMBServerRegistry { param ( [ValidateSet('SMB1','SMB2','SMB3')] [string]$SMBVersion ) try { $ErrorActionPreference = 'Stop' $SMBServerRegistry = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Name $SMBVersion # Evaluating SMB version Server status if ($SMBServerRegistry.$SMBVersion -eq 0) { Write-Verbose "$SMBVersion registry key exists and is set to 0." $SMBServerRegistryStatus = 'Disabled' } elseif ($SMBServerRegistry.$SMBVersion -eq 1) { Write-Verbose "$SMBVersion registry key exists and is set to 0." $SMBServerRegistryStatus = 'Enabled' } else { Write-Verbose "$SMBVersion registry key is null." $SMBServerRegistryStatus = $null } $SMBServerRegistryStatus } catch { Write-Verbose -Message "$SMBVersion key value not found on $env:COMPUTERNAME." $SMBServerRegistryStatus = 'Enabled' $SMBServerRegistryStatus } } #endregion # Get operating system version to check for supported SMB server versions $OS = Get-WmiObject -Class win32_operatingsystem Write-Verbose "$($env:COMPUTERNAME) is running $($OS.Caption) version $($OS.Version)." if ([version]$OS.version -ge [version]'6.0' -and [version]$OS.version -lt [version]'6.2') { # SMB1 supported $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1 # SMB2 supported $SMB2ServerStatus = Get-SMBServerRegistry -SMBVersion SMB2 # SMB3 unsupported $SMB3ServerStatus = 'Unsupported' } elseif ([version]$OS.version -ge [version]'6.2') { # SMB1 supported $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1 # SMB2 supported $SMB2ServerStatus = Get-SMBServerRegistry -SMBVersion SMB2 # SMB3 supported $SMB3ServerStatus = Get-SMBServerRegistry -SMBVersion SMB3 } else { # SMB1 supported $SMB1ServerStatus = Get-SMBServerRegistry -SMBVersion SMB1 # SMB2 unsupported $SMB2ServerStatus = 'Unsupported' # SMB3 unsupported $SMB3ServerStatus = 'Unsupported' } $SMBServerStatusProperties = @{ SMB1ServerStatus = $SMB1ServerStatus SMB2ServerStatus = $SMB2ServerStatus SMB3ServerStatus = $SMB3ServerStatus } $SMBServerStatus = New-Object -TypeName PSCustomObject -Property $SMBServerStatusProperties $SMBServerStatus } #end region #region Get-SMB1ClientStatus function Get-SMB1ClientStatus { try { $SMB1ClientServiceDependency = Get-Service -name LanManWorkstation -RequiredServices -ErrorAction Stop | Where-Object -FilterScript {$_.Name -eq 'MrxSmb10'} if ($SMB1ClientServiceDependency) { $SMB1ClientStatus = 'Enabled' } else { $SMB1ClientStatus = 'Disabled' } $SMB1ClientStatus } catch { $SMB1ClientStatus = $null $SMB1ClientStatus } } #endregion } process { foreach ($Computer in $ComputerName) { try { Write-Verbose -Message "Checking SMB status for $Computer" $Session = New-PSSession -ComputerName $Computer -ErrorAction Stop -Credential $Credential $SMBServerStatus = Invoke-Command -ScriptBlock ${function:Get-SMBServerStatus} -Session $Session $SMB1ClientStatus = Invoke-Command -ScriptBlock ${function:Get-SMB1ClientStatus} -Session $Session Remove-PSSession -Session $Session $SMBStatusProperties = [ordered]@{ ComputerName = $Computer SMB1ServerStatus = $SMBServerStatus.SMB1ServerStatus SMB2ServerStatus = $SMBServerStatus.SMB2ServerStatus SMB3ServerStatus = $SMBServerStatus.SMB3ServerStatus SMB1ClientStatus = $SMB1ClientStatus } $SMBStatus = New-Object -TypeName pscustomobject -Property $SMBStatusProperties $SMBStatus } catch { Write-Error $Error[0].ErrorDetails return } } } end {} } |