Otto  background

Automox Worklet: Disabling SMBv1 Across Windows Devices

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

Automox Worklet Overview: Disabling SMBv1 Across Windows Devices

Server Message Block (SMB) is a network communication protocol used to share access to files, printers, etc. across devices in a network.

SMBv1 was first designed and used 30 years ago and is no longer adequate in providing security in today’s modern network infrastructure, where the complexity is only rivaled by that of the malicious code looking to exploit it.

Frankly, using, or having SMB1 enabled is unacceptable in today’s world as you can lose key protections offered by later SMB protocol versions, such as:

  • Pre-authentication integrity
  • Secure dialect negotiation
  • Encryption
  • Insecure guest authentication blocking, to protect against MiTM attacks.
  • Better message signing

Additionally, if your clients use SMB1, then a man-in-the-middle can tell your client to ignore all listed above. All they need to do is block SMB2+ on themselves and answer to your server’s name or IP.

To create this Worklet, use the evaluation and remediation code scripts located here in the original posting on the Automox community. Included in the post are scripts for Windows 10 and 8.1 and Windows 7. If the evaluation finds SMB1 enabled, it will exit with a "1", and then remediate. The remediation code disables SMB1 on the devices.

You can assign this Worklet to any number of your Windows groups and execute the policy. You can also set the Worklet to run on a schedule like any other Worklet.

View a demonstration in our July 2020 Patch Tuesday webinar.

Tips for Creating an Automox Worklet

Before deploying an Automox Worklet to the production environment, we suggest testing this on a few devices to confirm its accuracy. If you have any questions, please contact our support team for technical assistance at support@automox.com.

For step-by-step instructions on creating the Worklet, see our user documentation: Create a Worklet.


Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.