Blog Of Directory Service

Protect your domain against WannaCry malware

  • Post On 2017-05-23

As you all know, the #wannacry malware has hit the whole world in the last few days. The vulnerability behind this malware was leaked by ShadowBrokers. Since the malware is spreading at a rapidly increasing rate, protecting your environment against it should be treated as an obligation.

The protection is not hard, though. First, make sure that you have MS17-010 applied in your environment. Besides that, you need to make sure SMBv1 is disabled; if it is not, do it fast! Modern operating systems do not even need SMBv1 these days, so there should be no drawbacks in disabling it, at least none that I am aware of.

There are a variety of ways to disable SMBv1 on your servers and workstations, but I used the simplest and most efficient one, which is a GPO, since it can target all sorts of operating systems. Just fire up GPMC, create a new GPO called ‘DisabledSMBv1’ and apply it to the whole domain or to the scope you prefer.

For the setting itself, we need a GPP registry item applied via Computer Policy with the values below:

  • Hive: HKLM
  • Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  • Value Name: SMB1
  • Value Type: REG_DWORD
  • Value Data: 0

This is an image representing the settings.


And that’s it!
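To confirm that the GPO has actually landed on each machine, the registry value listed above can be read back remotely. This is an added example, not part of the original post; it assumes PowerShell remoting (WinRM) is enabled on the targets, and the computer names are constructed placeholders.

```powershell
# Added example, not from the original post.
# Assumptions: PowerShell remoting (WinRM) is enabled on the targets, and
# $Computers holds constructed placeholder names to replace with real hosts.
$Computers = @('SRV01', 'WKS01')
$Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$results = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ScriptBlock {
    # Read the SMB1 value; $null means the value does not exist on this host,
    # i.e. the GPP registry item has not been applied there.
    $item  = Get-ItemProperty -Path $using:Path -Name SMB1 -ErrorAction SilentlyContinue
    $value = if ($item) { $item.SMB1 } else { $null }

    $state = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'Disabled' } else { 'Enabled' }

    [pscustomobject]@{
        SMB1Value = $value
        State     = $state
    }
}

# Any host whose State is not 'Disabled' has not received the setting.
$results | Sort-Object State, PSComputerName |
    Format-Table PSComputerName, SMB1Value, State -AutoSize

# Hosts that did not answer were not checked; list them so they are not
# mistaken for compliant machines.
$unreachable = $Computers | Where-Object { $_ -notin $results.PSComputerName }
if ($unreachable) {
    Write-Warning ("Not checked (unreachable): " + ($unreachable -join ', '))
}
```

Microsoft's guidance for this registry value is to restart the computer after changing it, so a host that reports `Disabled` but has not rebooted since the GPO applied may still be serving SMBv1.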

Mahdi Tehrani
