Due to a recent vulnerability found in SMB1, we will be disabling the protocol until a Windows Software Update Service is made available to patch all workstations.
On Windows 10, PowerShell is used to disable the protocol.
Get the feature status:
Get-WindowsOptionalFeature -Online -FeatureName smb1protocol
We an also pipe the results out to a text file:
Get-WindowsOptionalFeature -Online -FeatureName smb1protocol | Out-File C:\SMB1-Status.txt
Opening the text file on the local machine will give us the command output. We can see the feature is currently Enabled, DisablePending, or Disabled.
If the protocol state is currently Enabled, we can disable it using:
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
This command, however, requires a restart. The -NoRestart parameter must be used if this will be ran remotely while another user is currently logged in.
Since the clients do not have Remote PowerShell capabilities enabled at the moment, we will need to add this command to a batch file for remote processing. Save the following to a batch file:
powershell -Command "& {Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart}" powershell -Command "& {Get-WindowsOptionalFeature -Online -FeatureName smb1protocol | Out-File C:\SMB1-Status.txt}"
Then use PSExec to execute the batch file remotely:
PSEXEC @C:\client_list.txt -u DOMAIN\user -s \\path\to\smb1_disable.bat
At this point, PSExec should let you know which clients completed the feature uninstall. There should also be a text file on the local client with the command output and status. The clients will need to be restarted in order for the changes to apply. Running the batch file again will update the status on the text files.