# Copyright (c) 2017 Microsoft Corporation. All rights reserved.## This sc

1. # Copyright (c) 2017 Microsoft Corporation. All rights reserved.
2. #
3.  
4. # This script is used to automatically removes support for the legacy SMB 1.0/CIFS protocol when such support isn’t actively needed during normal system usage.
5. Param
6. (
7.     [Parameter(Mandatory=$True)]
8.     [ValidateSet("Client", "Server")]
9.     [string]
10.     $Scenario
11. )
12.  
13. #
14. # ------------------
15. # FUNCTIONS - START
16. # ------------------
17. #
18.  
19. Function UninstallSmb1 ($FeatureNames)
20. {
21.   try
22.     {
23.        Disable-WindowsOptionalFeature -Online -FeatureName $FeatureNames -NoRestart
24.     }
25.     catch {}
26. }
27.  
28. #
29. # ------------------
30. # FUNCTIONS - END
31. # ------------------
32. #
33.  
34. #
35. # ------------------------
36. # SCRIPT MAIN BODY - START
37. # ------------------------
38. #
39.  
40.  
41. $ScenarioData = @{
42.     "Client" = @{
43.         "FeatureName" = "SMB1Protocol-Client";
44.         "ServiceName" = "LanmanWorkstation"
45.     };
46.     "Server" = @{
47.         "FeatureName" = "SMB1Protocol-Server";
48.         "ServiceName" = "LanmanServer"
49.     }
50. }
51.  
52. $FeaturesToRemove = @()
53.  
54. foreach ($key in $ScenarioData.Keys)
55. {
56.     $FeatureName = $ScenarioData[$key].FeatureName
57.     $ServiceName = $ScenarioData[$key].ServiceName
58.  
59.     $ScenarioData[$key].FeatureState = (Get-WindowsOptionalFeature -Online -FeatureName $FeatureName).State
60.     $ScenarioData[$key].ServiceParameters = Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\${ServiceName}\Parameters"
61. }
62.  
63. $FeaturesToRemove += $ScenarioData[$Scenario].FeatureName
64. $ScenarioData[$Scenario].FeatureState = "Disabled"
65.  
66. $RemoveDeprecationTasks = $true
67.  
68. foreach ($key in $ScenarioData.Keys)
69. {
70.     if($ScenarioData[$key].FeatureState -ne "Disabled" -and
71.        $ScenarioData[$key].ServiceParameters.AuditSmb1Access -ne 0) {
72.  
73.         $RemoveDeprecationTasks = $false
74.     }
75. }
76.  
77. if ($RemoveDeprecationTasks) {
78.     $FeaturesToRemove += "SMB1Protocol-Deprecation"
79.  
80.     $RemoveToplevelFeature = $true
81.  
82.     foreach ($key in $ScenarioData.Keys)
83.     {
84.         if($ScenarioData[$key].FeatureState -ne "Disabled") {
85.             $RemoveToplevelFeature = $false
86.         }
87.     }
88.  
89.     if ($RemoveToplevelFeature) {
90.         $FeaturesToRemove += "SMB1Protocol"
91.     }
92. }
93.  
94. UninstallSmb1 -FeatureName $FeaturesToRemove
95.  
96. $NewFeatureState = (Get-WindowsOptionalFeature -Online -FeatureName $ScenarioData[$Scenario].FeatureName).State
97.  
98. if ($NewFeatureState -ne "Enabled")
99. {
100.     $ServiceName = $ScenarioData[$Scenario].ServiceName
101.     $RegistryPath = "HKLM:\System\CurrentControlSet\Services\${ServiceName}\Parameters"
102.     New-ItemProperty -Path $RegistryPath -Name AuditSmb1Access -Value 0 -PropertyType DWORD -Force | Out-Null
103. }