Securing SMB (Read Note in Description) [Windows Server 2019]
IMPORTANT NOTE:
I realized that I missed covering the below registry setting values in the video. Create these registry values in your Group Policy Object to disable SMBv1. If, after disabling SMBv1 in a domain environment, you notice the "netlogon" service is not starting, it is because the "workstation" service it depends on is not starting. You can verify this with the "SMBWitnessClient" Event ID 1. The workstation service is still relying on SMBv1. You can fix that issue using the below PowerShell commands to set the needed registry values and then restart the device. If you like what you see please Subscribe!
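# Create each key only if it is missing, so values already stored under an existing key are left in place
If (-not (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters")) { New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Force | Out-Null }
# SMB server: turn SMBv1 off, keep SMBv2/3 on
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "SMB1" -Type DWord -Value 0 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "SMB2" -Type DWord -Value 1 -Force
# Workstation service: depend on the SMBv2 redirector (MRxSmb20) only, not MRxSmb10
If (-not (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation")) { New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation" -Force | Out-Null }
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation" -Name "DependOnService" -Value "Bowser", "MRxSmb20", "NSI" -Type MultiString
# SMBv1 client driver: Start = 4 (disabled)
If (-not (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10")) { New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10" -Force | Out-Null }
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10" -Name "Start" -Type DWord -Value 4 -Force
# SMBv2 client driver: Start = 2 (automatic)
If (-not (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb20")) { New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb20" -Force | Out-Null }
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb20" -Name "Start" -Type DWord -Value 2 -Force
# Restart so the service and driver changes take effect (prompts for confirmation)
Restart-Computer -Confirm:$True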
############## END IMPORTANT NOTE #############
I (tobor) demonstrate how to secure the SMB protocol in a domain environment using methods such as SMB signing and strong protocol versions, namely Server Message Block (SMB) versions 2 and 3.
###### HOME USERS ######
Disable SMBv1 using the below PowerShell command as an admin:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
# Enable and require SMB signing on the client side (LanmanWorkstation)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "RequireSecuritySignature" -Type DWord -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnableSecuritySignature" -Type DWord -Value 1 -Force
# Enable and require SMB signing on the server side (LanmanServer)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "RequireSecuritySignature" -Type DWord -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "EnableSecuritySignature" -Type DWord -Value 1 -Force
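A read-only check that the registry values set in the IMPORTANT NOTE and HOME USERS commands actually took effect after the restart. This is an added example, not part of the original description; the helper name Test-SmbRegistryValue is hypothetical and the expected values are simply the ones the commands on this page write.

```powershell
# Added example: reads values only, changes nothing. Run in an elevated session.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = @(
    @{ Path = "$svc\LanmanServer\Parameters";      Name = 'SMB1';                     Want = 0 }
    @{ Path = "$svc\LanmanServer\Parameters";      Name = 'SMB2';                     Want = 1 }
    @{ Path = "$svc\mrxsmb10";                     Name = 'Start';                    Want = 4 }
    @{ Path = "$svc\mrxsmb20";                     Name = 'Start';                    Want = 2 }
    @{ Path = "$svc\LanmanServer\Parameters";      Name = 'RequireSecuritySignature'; Want = 1 }
    @{ Path = "$svc\LanmanServer\Parameters";      Name = 'EnableSecuritySignature';  Want = 1 }
    @{ Path = "$svc\LanmanWorkstation\Parameters"; Name = 'RequireSecuritySignature'; Want = 1 }
    @{ Path = "$svc\LanmanWorkstation\Parameters"; Name = 'EnableSecuritySignature';  Want = 1 }
)

function Test-SmbRegistryValue {   # hypothetical helper name
    param([string]$Path, [string]$Name, $Want)
    # A missing key or value comes back as $null rather than an error
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Key      = $Path
        Value    = $Name
        Expected = $Want
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Ok       = ($null -ne $actual) -and ($actual -eq $Want)
    }
}

$report = @(foreach ($e in $expected) { Test-SmbRegistryValue @e })

# The Workstation service must depend on MRxSmb20 and no longer on MRxSmb10
$deps = (Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue).DependOnService
$report += [pscustomobject]@{
    Key      = "$svc\LanmanWorkstation"
    Value    = 'DependOnService'
    Expected = 'Bowser, MRxSmb20, NSI'
    Actual   = if ($deps) { $deps -join ', ' } else { '<not set>' }
    Ok       = ($deps -contains 'MRxSmb20') -and ($deps -notcontains 'MRxSmb10')
}

$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) { Write-Warning "$($failed.Count) SMB setting(s) differ from the expected values" }

# Cross-check against what the running SMB server reports
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, RequireSecuritySignature, AuditSmb1Access
```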
###### DOMAIN ADMINS ######
Enable auditing of SMBv1 connections with this command:
Set-SmbServerConfiguration -AuditSmb1Access $True -Force
-------------------------------------------------------------------------------------------------------
When SMBv1 auditing is enabled EventID 3000 appears in the "Microsoft-Windows-SMBServer\Audit" event log, identifying each client that attempts to connect with SMBv1.
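One way to turn those Event ID 3000 records into a list of clients that still need SMBv1, so they can be fixed before SMBv1 is disabled. This is an added example, not from the original description: the function name Get-Smb1ClientSummary is hypothetical, the sample events are constructed, and it assumes the event message contains a "Client Address:" line.

```powershell
# Added example. Groups SMBv1 audit events by client address.
function Get-Smb1ClientSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Events)
    $Events | ForEach-Object {
        # Assumption: the 3000 message carries a "Client Address: <address>" line
        if ($_.Message -match 'Client Address:\s*(\S+)') {
            [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
        }
    } | Group-Object -Property Client | ForEach-Object {
        $times = $_.Group.Time | Sort-Object
        [pscustomobject]@{
            Client    = $_.Name
            Attempts  = $_.Count
            FirstSeen = $times | Select-Object -First 1
            LastSeen  = $times | Select-Object -Last 1
        }
    } | Sort-Object -Property Attempts -Descending
}

# Constructed sample events (documentation addresses), used when the log is empty or unavailable
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2021-04-05T09:00:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.10" }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-04-05T09:05:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.10" }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-04-05T10:30:00'; Message = "SMB1 access`n`nClient Address: 192.0.2.77" }
)

# Live data: the channel name as Get-WinEvent expects it uses a forward slash
$live = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } -ErrorAction SilentlyContinue

$source = if ($live) { $live } else { $sample }
Get-Smb1ClientSummary -Events $source | Format-Table -AutoSize
```

An empty result on a server that has had auditing enabled for a representative period is the signal that SMBv1 can be switched off without breaking clients.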
###### GPO TEMPLATE DOWNLOAD ######
Group Policy Settings for SMBv1 can be downloaded from
LINK: https://docs.microsoft.com/en-us/arch...
Once you download "Windows 10 Version 1803 Security Baseline" go into the Templates folder
Copy the .admx files into C:\Windows\PolicyDefinitions\
Copy the .adml files into C:\Windows\PolicyDefinitions\en-US
RESPONDER TOOL USED
https://github.com/lgandx/Responder
0:00 Intro Summary
0:41 Demo of SMB Message Signing Importance
1:22 SMB Signing Enabled Prevents connection
1:36 SMB Signing NOT Enabled Allows Connection
2:32 Why you should disable SMBv1
3:35 Enable Audit Logging of SMBv1 Connections
4:34 HOME USERS : Disable SMBv1
5:09 Download Group Policy ADMX Template for SMBv1
6:55 Group Policy Settings MSS Security Guide
7:36 Group Policy Settings Kerberos Policy
9:31 Group Policy Settings Security Options
13:44 Group Policy Settings Lanman Workstation
14:22 Group Policy Settings Network Provider
15:49 Prevent Users from Creating Network Shares to Share Files
16:30 Thank you for watching!
Video: Securing SMB (Read Note in Description) [Windows Server 2019], uploaded to the channel OsbornePro TV on 05 April 2021. This video has been viewed 6,975 times and liked by 130 visitors.