A PowerShell script to disable and remove SMB 1.0 from an entire domain. If you don't rely on this protocol, Microsoft's bloggers recommend you remove it (though it's still enabled by default).
Please don't rely on this to protect your systems from the EternalBlue/WannaCry exploit. Install the official Microsoft security patches. Use this script only as an extra line of defense.
- Log onto a computer, as a user who has administrative rights to all computers on the domain.
- Install the Active Directory PowerShell module.
- Adjust your execution policy as needed with
Set-ExecutionPolicy. - Run this script:
.\Remove-SMB1FromDomain.ps1