wiki.gimbo.org

User Tools

Site Tools

Trace: win_newwin_oldsmb
public:win_newwin_oldsmb

Windows: connections to a SMB1 SMB2 shares


Use as administrator:

powershell 

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28502"
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "Configurazione SMB1 per Windows 11 24H2..." -ForegroundColor Green
 
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "RequireSecuritySignature" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnableSecuritySignature" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnablePlainTextPassword" -Value 1 -Type DWord
 
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinClientSec" -Value 0x20000000 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinServerSec" -Value 0x20000000 -Type DWord
 
Write-Host "Riavvio servizi..." -ForegroundColor Yellow
Stop-Service -Name "LanmanWorkstation" -Force
Start-Service -Name "LanmanWorkstation"
 
Write-Host "Configurazione completata!" -ForegroundColor Green

cmd 

REM Abilita accesso guest non sicuro
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f
 
REM Disabilita firma digitale SMB
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "EnableSecuritySignature" /t REG_DWORD /d 0 /f
 
REM Abilita password in chiaro
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "EnablePlainTextPassword" /t REG_DWORD /d 1 /f
 
REM CORREZIONE NTLM - da verificare meglio
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v "NtlmMinClientSec" /t REG_DWORD /d 0x20000000 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v "NtlmMinServerSec" /t REG_DWORD /d 0x20000000 /f
 
REM Riavvia servizi
net stop LanmanWorkstation
net start LanmanWorkstation

gpedit.msc 

> ComputerConfiguration > Administrative templates > Network > Lanman Workstation 
--> ENABLE insecure guest logons
 
> Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.
--> DISABLE Microsoft network client: Digitally sign communications (always)
 
> Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.
--> DISABLE Microsoft Network Client: Digitally sign communications (if server agrees)

Scripts completi per diagnosi e fix
smb1.zip


return to gimbo wiki home page

public/win_newwin_oldsmb.txt · Last modified: by gmarco