search

ClaudioMerola / ADxRay

Active Directory's Health Check script that generates a full HTML report of the environment's health, security and status based on Microsoft's Best Practices.
GNU General Public License v3.0
93 stars 37 forks source link

SMBv1 Incorrectly detect as enabled on Windows Server 2022 #5

Closed Destarianon closed 1 month ago

Destarianon commented 9 months ago

It appears that SMBv1 is being incorrectly detected an "enabled" in reports, when run against a Windows Server 2022 domain controller.

Getting SMB protocol information via Powershell confirms it is disabled:

PS> Get-SmbServerConfiguration | Select EnableSMB1Protocol

EnableSMB1Protocol
------------------
             False

image

ClaudioMerola commented 7 months ago

Hello @Destarianon

You are right, it was a bug, I believe I have fixed it. Can you try the script now? (version 6.0.5)

gitgoodgreghub commented 6 months ago

Hello, I have the new version 6.0.5 but am still experiencing this issue.

ClaudioMerola commented 6 months ago

Hi @gitgoodgreghub,

This happens only with Windows Servers 2022?

Can you open powershell in any of the servers and run the following commands and post the output here?

$TempVariable = Get-SmbServerConfiguration | Select EnableSMB1Protocol Write-Host $TempVariable

gitgoodgreghub commented 6 months ago

I will try to verify that for you and get back to you as soon as I can. Also of note, the Recycle Bin check behaves similarly, it's not always accurate across different server versions. Thank you for the quick response and your work building this tool!

lkitsos commented 1 month ago

Hi, Replace line 1789 with: if (!$SMBv1 -or $SMBv1 -eq 'False' -or $SMBv1 -eq $false -or $SMBv1.EnableSMB1Protocol -eq 'False' -or !$SMBv1.EnableSMB1Protocol)

This solved for me the problem i had on Windows Server 2019. This change only applies to version 6.0.5 i haven't tested on other versions.

ClaudioMerola commented 1 month ago

Hi @lkitsos,

Thanks for the fix. I already applied in the script