Description
This PowerShell script is designed to create an SCCM package that disables the SMBv1 protocol across your systems. Disabling SMBv1 is a critical security measure, as this legacy protocol is known to be vulnerable to various exploits. By using SCCM, you can efficiently deploy this security enhancement across all managed devices in your environment.
PowerShell Script
# Define Variables $ScriptName = "Disable-SMBv1-Protocol" $ScriptDescription = "Disables the SMBv1 protocol to enhance security by preventing exploitation of legacy vulnerabilities." $PackageSourcePath = "C:\Scripts\$ScriptName" # Load SCCM PowerShell Module Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -Force $SiteCode = "YourSiteCode" cd "$SiteCode`:" # Check if a package with the same name exists and delete it $ExistingPackages = Get-CMPackage -Name $ScriptName -ErrorAction SilentlyContinue if ($ExistingPackages) { foreach ($Package in $ExistingPackages) { Remove-CMPackage -Id $Package.PackageID -Force } } # Create the Package Source Directory if it does not exist if (!(Test-Path -Path $PackageSourcePath)) { New-Item -ItemType Directory -Path $PackageSourcePath -Force } # Create the PowerShell script $ScriptContent = @' Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" '@ $ScriptPath = "$PackageSourcePath\$ScriptName.ps1" Set-Content -Path $ScriptPath -Value $ScriptContent # Create the SCCM Package $Package = New-CMPackage ` -Name $ScriptName ` -Description $ScriptDescription ` -Path $PackageSourcePath # Create a Program for the Package $Program = New-CMProgram ` -PackageName $ScriptName ` -StandardProgramName $ScriptName ` -CommandLine "powershell.exe -ExecutionPolicy Bypass -File $ScriptPath" ` -ProgramRunType "WhetherOrNotUserIsLoggedOn" # Distribute the Package to the Distribution Point but do not deploy Start-CMContentDistribution ` -PackageName $ScriptName ` -DistributionPointName "YourDistributionPointName"
Explanation
This script automates the creation of an SCCM package that disables the SMBv1 protocol on target systems. SMBv1 has been deprecated due to security vulnerabilities, and this script ensures that it is disabled across all devices managed by SCCM, thereby enhancing your network security.
Tags:
#Security #PowerShell #SMBv1 #SCCM