Protect your domain against WannaCry malware

As you all know the #wannacry malware hit the whole world in the last few days. The vulnerability behind this malware was leaked out by ShadowBrokers. Since the spreading rate of this vulnerability is greatly increasing, it is considered an obligation to prevent from this.


The protection is not hard though. Firstly make sure that you have MS17-010 applied in your environment. Beside you need to make sure SMBv1 is disabled, if not, do it fast! Actually it not even needed in moderns OS these days to use SMBv1. So there should be no drawbacks in disabling it, at least I am not aware of.

There are variety of ways to disable SMBv1 on your servers and workstations, but I used the most efficient way and the simplest one which is by GPO which can target all sort of operating systems. Just fire up GPMC and create a new GPO called ‘DisabledSMBv1’ and apply to the whole domain or the scope which you prefer.

For the setting part, we need a GPP registry applied via Computer Policy with below values:

  • Hive: HKLM
  • Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  • Value Name: SMB1
  • Value Type: Reg_DWORD
  • Value Data: 0

This is an image representing the settings.

And that’s it!


About Mahdi

Post Archive

Sticky RIS settings in 'Default Domain Policies'?

Written By Mahdi Tehrani on Saturday, 13 January 2018 11:03

Limit Active Directory user login to 1 session

Written By Mahdi Tehrani on Wednesday, 02 August 2017 10:21

The auditor of auditors: 'LepideAuditor Suite'

Written By Mahdi Tehrani on Tuesday, 23 May 2017 10:56

Protect your domain against WannaCry malware

Written By Mahdi Tehrani on Sunday, 14 May 2017 09:42

‘List Object Mode’ in Active Directory, a myth or future settings?

Written By Mahdi Tehrani on Thursday, 13 April 2017 08:47