Purpose:
You wish to identify computers in your environment with SMBv1 enabled. Due to ransomware attacks that involve vulnerabilities in SMBv1, some customers have requested a way to identify machines that have SMBv1 enabled.
Resolution:
To check if a specific machine has SMBv1 enabled, you can view this information under the Computer Details section in PDQ Inventory:
Create the Dynamic Collection to Audit for SMBv1:
To check all your machines, to see if SMBv1 is enabled, you can create a new collection:
1. Click on New Dynamic Collection in the PDQ Inventory Toolbar (or Ctrl + N or click on Collection in the menu and select New Dynamic Collection).
2. Create your collection to look like this:
3. Additionally, you can convert this into a report by right-clicking the Dynamic Collection you created and select New > Report From Collection. This will allow you to add other fields to the report (OS, architecture, for example) that provide more detailed information.
See Also:
Knowledge Base Article: WannaCrypt And Friends: Identify And Mitigate Vulnerabilities
Video: WannaCrypt Ransomware Attack Patch / Update
Blog Article: WannaCrypt Ransomware Attack Patch
Microsoft’s Article on Disabling SMBv1
Comments
0 comments
Article is closed for comments.