- 24 Sep 2023
- quantic software
We have some folders shared on an old Windows 2003 box. While trying to access them from a Windows 10 workstation, we are seeing the following error …
In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. To enable it:
Start PowerShell in privileged (administrator) mode on your Windows 10 workstation: open CMD in privileged mode and start PowerShell.
```
powershell
```
Now get the status of SMB1Protocol:
```
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
```
It will probably be in the Disabled state. Change it to Enabled using the following command:
```
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
```
Afterwards, it may ask you to reboot the machine. Restart so that the changes can take effect.
Status after enabling SMB1Protocol
```
PS C:\> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

FeatureName      : SMB1Protocol
DisplayName      : SMB 1.0/CIFS File Sharing Support
Description      : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired  : Possible
State            : Enabled
CustomProperties :
                   ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
                   ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
                   ServerComponent\Id : 487
                   ServerComponent\Type : Feature
                   ServerComponent\UniqueName : FS-SMB1
                   ServerComponent\Deploys\Update\Name : SMB1Protocol
```
Now try to access the Windows 2003 shared folder, and hopefully it will work fine.
Disable SMB v1 in Windows
Open a PowerShell prompt and run the following command, which sets the SMB1 value under the LanmanServer parameters key to 0:
```
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
```
Disable SMB1 using Windows registry
You can also tweak the Windows Registry to disable SMB1.
Run regedit and navigate to the following registry key:
```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
```
In the right-hand pane, the DWORD SMB1 should not be present or should have a value of 0.
The values for enabling and disabling it are as follows:
0 = Disabled
1 = Enabled
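The enable step and the disable step above change different settings (an optional feature versus a LanmanServer registry value), so the following added example, which is not part of the original post, reports both in one place. The sub-feature names SMB1Protocol-Client and SMB1Protocol-Server are not mentioned in the post (they are the client and server halves of SMB1Protocol on Windows 10 1709 and later), and the function names are hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.

# Collect the state of the SMB1 optional features and the LanmanServer registry value.
function Get-Smb1Report {
    $report = [ordered]@{ Computer = $env:COMPUTERNAME }
    # SMB1Protocol is the parent feature; -Client and -Server are its two halves
    # (assumed present on Windows 10 1709+; reported as NotFound otherwise).
    foreach ($name in 'SMB1Protocol', 'SMB1Protocol-Client', 'SMB1Protocol-Server') {
        $report[$name] = try {
            [string](Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction Stop).State
        } catch { 'NotFound' }
    }
    # Registry value written by the Set-ItemProperty step (0 = disabled, 1 = enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $report['RegistrySMB1'] = if ($null -ne $reg) { $reg.SMB1 } else { 'NotSet' }
    [pscustomobject]$report
}

# Turn a report into findings. Pure function, so it can be checked with constructed input.
function Get-Smb1Finding {
    param([Parameter(Mandatory)]$Report)
    if ($Report.'SMB1Protocol-Server' -eq 'Enabled' -and $Report.RegistrySMB1 -ne 0) {
        'SMB1 server side is enabled; reaching a legacy share only needs the client half.'
    }
    if ($Report.'SMB1Protocol-Client' -eq 'Enabled') {
        'SMB1 client is enabled; remove it once the Windows 2003 share is retired.'
    }
}

# Constructed sample: parent feature enabled wholesale, registry value absent.
$sample = [pscustomobject]@{
    SMB1Protocol          = 'Enabled'
    'SMB1Protocol-Client' = 'Enabled'
    'SMB1Protocol-Server' = 'Enabled'
    RegistrySMB1          = 'NotSet'
}
Get-Smb1Finding -Report $sample

# Live check on this machine:
#   Get-Smb1Report | ForEach-Object { $_; Get-Smb1Finding -Report $_ }
```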
Regards,
Syed Jahanzaib
October 2, 2018
Tracking Account Lockout Source in Active Directory
The following are some short reference notes to myself on how to trace account lockouts in an Active Directory environment. An audit policy must be set on all computers and domain controllers.
Scenario:
We are running two domain controllers, and sometimes an account lockout issue appears at the user end. To trace which workstation is the fault point, we use different methods to sort it out.
1# Examine Domain Controllers Event Viewer
Open Event Viewer on the DC and go to the Security tab. Right-click, select Filter Current Log, type 4740 in <All Event IDs>, and hit OK. You will see details for the offending account/workstation.
2# Use PowerShell Scripts
2a) Trace offending accounts/workstations using a single-line PS command …
You can also use PowerShell to get event log information for account lockout events …
```
Get-EventLog -ComputerName ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).FindDomainController() "Security" -InstanceId "4740" -Message "*USERNAME*" | Format-List TimeGenerated, Message
```
Result:
```
TimeGenerated : 10/2/2018 9:37:34 AM
Message       : A user account was locked out.
                Subject:
                Security ID: S-1-5-18
                Account Name: DC01$
                Account Domain: MYDOMAIN
                Logon ID: 0x3e7
                Account That Was Locked Out:
                Security ID: S-1-5-21-664357565-1371172752-1124750213-14855
                Account Name: testid
                Additional Information:
                Caller Computer Name: UNKNOWN-PC
```
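The lockout event shown in the result above can also be read by field name from its XML and tallied per caller computer, which helps when one account is locked out repeatedly. This is an added example, not part of the original post; the function names are hypothetical and the sample events are constructed (the first reuses the values from the result above).

```powershell
# Added example, not from the original post.
# Parse one 4740 event (XML text) into an object, reading EventData fields by name.
function ConvertFrom-LockoutXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $ev = ([xml]$Xml).Event
        $data = @{}
        foreach ($d in $ev.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time   = $ev.System.TimeCreated.SystemTime   # ISO 8601 UTC string, sorts as text
            User   = $data['TargetUserName']
            # 4740 stores the "Caller Computer Name" in the TargetDomainName field
            Caller = if ($data['TargetDomainName']) { $data['TargetDomainName'] } else { '(blank)' }
            DC     = $ev.System.Computer
        }
    }
}

# Count lockouts per user and caller computer, most frequent first.
function Get-LockoutSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $EventXml | ConvertFrom-LockoutXml | Group-Object User, Caller | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        [pscustomobject]@{
            User = $sorted[0].User; Caller = $sorted[0].Caller; Lockouts = $_.Count
            First = $sorted[0].Time; Last = $sorted[-1].Time
        }
    } | Sort-Object Lockouts -Descending
}

# Constructed sample events. On a DC, feed real ones instead:
#   Get-WinEvent -FilterHashtable @{LogName='Security';Id=4740} | ForEach-Object { $_.ToXml() }
$t = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>" +
     "<EventID>4740</EventID><TimeCreated SystemTime='{0}'/><Computer>DC01</Computer></System>" +
     "<EventData><Data Name='TargetUserName'>{1}</Data><Data Name='TargetDomainName'>{2}</Data>" +
     "</EventData></Event>"
$sample = @(
    ($t -f '2018-10-02T04:37:34Z', 'testid', 'UNKNOWN-PC')
    ($t -f '2018-10-02T05:02:10Z', 'testid', 'UNKNOWN-PC')
    ($t -f '2018-10-02T05:40:51Z', 'testid', '')   # caller name missing from the event
)
Get-LockoutSummary -EventXml $sample | Format-Table -AutoSize
```

A blank caller is reported as `(blank)` rather than dropped, so lockouts whose event carries no caller computer name still show up in the count.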
2b) PS script to fetch information from all DCs
Read the following guide
In a privileged PowerShell command prompt, create a new script as below …
```
# Script written by Alexandre Almeida
# Gets the account lockout host name for a user; press ENTER at the prompt to get the full list
$username = Read-Host "Please Enter the Locked User Name: "

$DCCounter = 0
$LockedOutStats = @()

Try
{
    Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
    Write-Warning $_
    Return   # nothing below works without the ActiveDirectory module
}

# Get all domain controllers in the domain
$DomainControllers = Get-ADDomainController -Filter *
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})

Write-Verbose "Finding the domain controllers in the domain"
Foreach($DC in $DomainControllers)
{
    # $DCCounter++
    # Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
    Write-Verbose "Finding the Which domain controllers Authenticate the Password"
    Try
    {
        # Request every property read below; Get-ADUser does not return them by default
        $UserInfo = Get-ADUser -Identity $username -Server $DC.Hostname -Properties LockedOut,BadPwdCount,BadPasswordTime,AccountLockoutTime,LastBadPasswordAttempt,LastLogonDate -ErrorAction Stop
        Write-Verbose "Bad Password Attempt count collected"
    }
    Catch
    {
        # Write-Warning $_
        Continue
    }
    If($UserInfo.LastBadPasswordAttempt)
    {
        $LockedOutStats += New-Object -TypeName PSObject -Property @{
            Name                   = $UserInfo.SamAccountName
            SID                    = $UserInfo.SID.Value
            LockedOut              = $UserInfo.LockedOut
            BadPwdCount            = $UserInfo.BadPwdCount
            BadPasswordTime        = $UserInfo.BadPasswordTime
            LastBadPasswordAttempt = $UserInfo.LastBadPasswordAttempt
            DomainController       = $DC.Hostname
            AccountLockoutTime     = $UserInfo.AccountLockoutTime
            # LastLogonDate is empty for accounts that have never logged on
            LastLogonDate          = if ($UserInfo.LastLogonDate) { ($UserInfo.LastLogonDate).ToLocalTime() }
        }
    }#end if
}#end foreach DCs

$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize

# Get user info from the lockout events on the PDC emulator
Try
{
    Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
    Write-Verbose "Collecting Event Log"
    $LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
}
Catch
{
    Write-Warning $_
    Return   # no events to process
}#end catch

# $LockoutEvent is used instead of $Event, which is a PowerShell automatic variable
Foreach($LockoutEvent in $LockedOutEvents)
{
    If($LockoutEvent | Where-Object {$_.Properties[2].Value -match $UserInfo.SID.Value})
    {
        $LockoutEvent | Select-Object -Property @(
            @{Label = 'User'; Expression = {$_.Properties[0].Value}}
            @{Label = 'DomainController'; Expression = {$_.MachineName}}
            @{Label = 'EventId'; Expression = {$_.Id}}
            @{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
            @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select-Object -First 1}}
            @{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
        )
        Write-Host $LockoutEvent.MachineName
    }#end if event
}#end foreach lockedout event

Write-Verbose "Collected Details Update in the Text File. Please find the Text file for More Details"

echo "Cache Profile Removal Steps
1) Open Control Panel > Credential Manager > Remove all Saved Password.
2) Remove passwords by clicking on Start => Run => type (rundll32.exe keymgr.dll KRShowKeyMgr) without quotes and then delete the Domain-related passwords;
3) Remove passwords in Internet Explorer => Tools => Internet Options =>Content => Personal Information => Auto Complete => Clear Passwords;
4) Delete cookies in Internet Explorer => Tools => Internet Options =>General;
5) Disconnect (note the path before disconnecting) all networks drives, reboot, then map them again;
6) Start -> run ->type control userpasswords2 without quotes and go to advanced -> Manage passwords and remove all the stored passwords.
7) Reconfigure Your mobile Setting if your Active sync enabled.
8) Check if any saved or scheduled task is configured for user account
Microsoft Knowledge Bytes Link for Cache profile Removal Steps:"
```