Identify Computers with SMBv1 Enabled

Purpose:
You wish to identify computers in your environment with SMBv1 enabled. Due to ransomware attacks that involve vulnerabilities in SMBv1, some customers have requested a way to identify machines that have SMBv1 enabled. 

Resolution:
To check if a specific machine has SMBv1 enabled, you can view this information under the Computer Details section in PDQ Inventory:

Operating_System.jpg

Create the Dynamic Collection to Audit for SMBv1:
To check all your machines, to see if SMBv1 is enabled, you can create a new collection:

1. Click on New Dynamic Collection in the PDQ Inventory Toolbar (or Ctrl + N or click on Collection in the menu and select New Dynamic Collection).

2. Create your collection to look like this:

Collection.jpg
3. Additionally, you can convert this into a report by right-clicking the Dynamic Collection you created and select New > Report From Collection. This will allow you to add other fields to the report (OS, architecture, for example) that provide more detailed information.

See Also:
Knowledge Base Article: WannaCrypt And Friends: Identify And Mitigate Vulnerabilities
Video: WannaCrypt Ransomware Attack Patch / Update
Blog Article: WannaCrypt Ransomware Attack Patch
Microsoft’s Article on Disabling SMBv1

 

Still have a question or want to share what you have learned? Visit our Community to get help and collaborate with others.