Description

This PowerShell script is designed to create an SCCM package that disables the SMBv1 protocol across your systems. Disabling SMBv1 is a critical security measure, as this legacy protocol is known to be vulnerable to various exploits. By using SCCM, you can efficiently deploy this security enhancement across all managed devices in your environment.

PowerShell Script

# Define Variables
$ScriptName = "Disable-SMBv1-Protocol"
$ScriptDescription = "Disables the SMBv1 protocol to enhance security by preventing exploitation of legacy vulnerabilities."
$PackageSourcePath = "C:\Scripts\$ScriptName"

# Load SCCM PowerShell Module
Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -Force
$SiteCode = "YourSiteCode"
cd "$SiteCode`:"

# Check if a package with the same name exists and delete it
$ExistingPackages = Get-CMPackage -Name $ScriptName -ErrorAction SilentlyContinue
if ($ExistingPackages) {
    foreach ($Package in $ExistingPackages) {
        Remove-CMPackage -Id $Package.PackageID -Force
    }
}

# Create the Package Source Directory if it does not exist
if (!(Test-Path -Path $PackageSourcePath)) {
    New-Item -ItemType Directory -Path $PackageSourcePath -Force
}

# Create the PowerShell script
$ScriptContent = @'
Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
'@

$ScriptPath = "$PackageSourcePath\$ScriptName.ps1"
Set-Content -Path $ScriptPath -Value $ScriptContent

# Create the SCCM Package
$Package = New-CMPackage `
    -Name $ScriptName `
    -Description $ScriptDescription `
    -Path $PackageSourcePath

# Create a Program for the Package
$Program = New-CMProgram `
    -PackageName $ScriptName `
    -StandardProgramName $ScriptName `
    -CommandLine "powershell.exe -ExecutionPolicy Bypass -File $ScriptPath" `
    -ProgramRunType "WhetherOrNotUserIsLoggedOn"

# Distribute the Package to the Distribution Point but do not deploy
Start-CMContentDistribution `
    -PackageName $ScriptName `
    -DistributionPointName "YourDistributionPointName"

Explanation

This script automates the creation of an SCCM package that disables the SMBv1 protocol on target systems. SMBv1 has been deprecated due to security vulnerabilities, and this script ensures that it is disabled across all devices managed by SCCM, thereby enhancing your network security.

Tags:

#Security #PowerShell #SMBv1 #SCCM