Protect your domain against WannaCry malware
As you all know, the #wannacry malware has hit the whole world in the last few days. The vulnerability behind this malware was leaked by ShadowBrokers. Since the rate at which it is spreading is increasing greatly, protecting against it should be considered an obligation.
The protection is not hard, though. First, make sure that you have MS17-010 applied in your environment. Besides that, you need to make sure SMBv1 is disabled; if it is not, do it fast! SMBv1 is not even needed in modern OSes these days, so there should be no drawbacks in disabling it, at least none that I am aware of.
There are a variety of ways to disable SMBv1 on your servers and workstations, but I used the most efficient and simplest one, which is a GPO that can target all sorts of operating systems. Just fire up GPMC, create a new GPO called ‘DisabledSMBv1’, and apply it to the whole domain or the scope you prefer.
For the setting part, we need a GPP registry item applied via Computer Policy with the values below:
- Hive: HKLM
- Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Value Name: SMB1
- Value Type: REG_DWORD
- Value Data: 0
And that’s it!
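To confirm that the registry value from the GPO has actually reached each machine, the following added example (not part of the original post) reads the same `SMB1` value locally or over PowerShell remoting. The function name `Get-Smb1PolicyState` is hypothetical, and remoting is assumed to be enabled on any remote targets.

```powershell
# Added example: audit whether SMB1=0 under LanmanServer\Parameters has landed.
# Get-Smb1PolicyState is a hypothetical helper name; remote targets need
# PowerShell remoting (WinRM) enabled.
function Get-Smb1PolicyState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    begin {
        # Runs on the target machine and reports the raw value plus a verdict.
        $check = {
            $path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            $item  = Get-ItemProperty -Path $path -Name 'SMB1' -ErrorAction SilentlyContinue
            $value = if ($null -ne $item) { $item.SMB1 } else { $null }
            # NotSet means the GPP item has not applied; the OS default is in effect.
            $state = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'Disabled' } else { 'Enabled' }
            [pscustomobject]@{
                Computer  = $env:COMPUTERNAME
                SMB1Value = $value
                State     = $state
            }
        }
    }
    process {
        foreach ($name in $ComputerName) {
            try {
                if ($name -eq $env:COMPUTERNAME) {
                    & $check
                } else {
                    Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop |
                        Select-Object Computer, SMB1Value, State
                }
            } catch {
                # Surface unreachable hosts instead of silently skipping them.
                [pscustomobject]@{
                    Computer  = $name
                    SMB1Value = $null
                    State     = "Unreachable: $($_.Exception.Message)"
                }
            }
        }
    }
}

# Check the local machine; pipe a list of computer names in to audit a wider scope.
Get-Smb1PolicyState | Format-Table -AutoSize
```

This registry value controls the SMBv1 server component only, and a machine needs a restart after the value changes before the setting takes effect.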