The enabled status of SMBv1 may be found in the Computer Info tab of a target in PDQ Inventory. The reporting method displays Yes or No based on both the SMB client and SMB server settings. PDQ Inventory looks in the following locations for this information:
SMB Client
- Windows 10 or higher:
- Check for WMI "select * from Win32_OptionalFeature where Name == 'SMB1Protocol'".
- If "InstallState" != 1, then client is disabled.
- Otherwise:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10
- Check for Start value. If it is 4, then the client is disabled.
SMB Server:
- Windows 8 or higher:
- WMI class MSFT_SmbServerConfiguration in "\ROOT\Microsoft\Windows\SMB", call method "GetConfiguration".
- If the output of EnableSMB1Protocol is true, the server is enabled.
Otherwise:
- "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
- Get value "SMB1", if the value does not equal 0, then the server is enabled.
For more information on Detecting, Enabling or Disabling SMB versions please refer to this article by Microsoft. https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
