wapt
/
wapt-smb1-client
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
wapt-smb1-client/tis/tis-disable-smb1-client/setup.py

121 lines
6.3 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
from setuphelpers import *
import platform
uninstallkey = []
def pending_reboot_reasons():
result = []
reboot_required = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update','RebootRequired',0)
if reboot_required:
result.append('Windows Update: %s' % reboot_required)
reboot_pending = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing','RebootPending',0)
if reboot_pending:
result.append('CBS Updates: %s' % reboot_pending)
renames_pending = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Control\Session Manager','PendingFileRenameOperations',None)
if renames_pending:
result.append('File renames: %s' % renames_pending)
return result
def is_kb_installed(hotfixid):
installed_update = installed_windows_updates()
if [kb for kb in installed_update if kb['HotFixID' ].upper() == hotfixid.upper()]:
return True
return False
def install_kb4012598():
if windows_version() < Version('5.2'):
install_exe_if_needed('windowsxp-kb4012598-x86-custom-fra_eb47689656c58ab374521babb9bdca07304d87f5.exe','/quiet /norestart',key='',min_version='1')
elif windows_version() < Version('5.3'):
if iswin64():
install_exe_if_needed('WindowsServer2003-KB4012598-x64-custom-ENU.exe','/quiet /norestart',key='',min_version='1')
else:
install_exe_if_needed('windowsserver2003-kb4012598-x86-custom-fra_9cf9ac070a1b21bca6757de5d127427c090d581d.exe','/quiet /norestart',key='',min_version='1')
else:
error('Please install kb4012598')
def install():
restart_needed_by = []
"""
if service_installed('mrxsmb10') and service_is_running('mrxsmb10'):
print('Disable SMB1 client')
run('sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi')
run('sc.exe config mrxsmb10 start= disabled')
restart_needed_by.append('Disable SMB1 client service')
else:
print('OK: SMB1 client not running')
"""
if windows_version() < Version('8.1',2):
was_smb1server = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',1)
registry_setstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',0,type=REG_DWORD)
if was_smb1server:
restart_needed_by.append('Disable SMB1 server service')
else:
print('OK: SMB1 server disabled in registry')
else:
was_smb1server = run_powershell('Get-SmbServerConfiguration | Select EnableSMB1Protocol').get('EnableSMB1Protocol',True)
print('Current SMB1 status : %s' % (was_smb1server,))
if was_smb1server:
print('Disabling SMB1')
result = run_powershell('Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force')
result = run_powershell('Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart')
# {u'ScratchDirectory': None, u'RestartNeeded': True, u'LogLevel': 2, u'LogPath': u'C:\\Windows\\Logs\\DISM\\dism.log', u'WinPath': None, u'Online': True, u'SysDrivePath': None, u'Path': None}
if result.get('RestartNeeded',True):
restart_needed_by.append('Disable SMB1 Server Feature')
# before Vista, no SMB2, so check patch
if windows_version() < Version('6.0'):
# check if KB4012598 is installed
if not is_kb_installed('KB4012598'):
install_kb4012598()
restart_needed_by.extend(pending_reboot_reasons())
if was_smb1server or restart_needed_by:
with disable_file_system_redirection():
run_notfatal('msg * /time:360 Merci de redemarrer votre ordinateur pour terminer la desactivation du service vulnerable serveur SMB1. Tranquil IT Systems.')
error('Redemarrage necessaire pour : %s ' % restart_needed_by)
else:
print('No reboot required')
def uninstall():
restart_needed_by = []
"""
if service_installed('mrxsmb10') and not service_is_running('mrxsmb10'):
print('Enable SMB1 client')
# see https://support.microsoft.com/fr-fr/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
run('sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi')
run('sc.exe config mrxsmb10 start= auto')
restart_needed_by.append('Enable SMB1 client service')
else:
print('OK: SMB1 client running or not installed')
"""
if windows_version() < Version('8.1'):
was_smb1server = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',0)
registry_setstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',1,type=REG_DWORD)
if not was_smb1server:
restart_needed_by.append('Enable SMB1 server service')
else:
print('OK: SMB1 server enabled in registry')
else:
was_smb1server = run_powershell('Get-SmbServerConfiguration | Select EnableSMB1Protocol').get('EnableSMB1Protocol',True)
print('Current SMB1 status : %s' % (was_smb1server,))
if not was_smb1server:
print('Enabling SMB1')
result = run_powershell('Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force')
result = run_powershell('Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart')
# {u'ScratchDirectory': None, u'RestartNeeded': True, u'LogLevel': 2, u'LogPath': u'C:\\Windows\\Logs\\DISM\\dism.log', u'WinPath': None, u'Online': True, u'SysDrivePath': None, u'Path': None}
if result.get('RestartNeeded',True):
restart_needed_by.append('Enable SMB1 Server Feature')
restart_needed_by.extend(pending_reboot_reasons())
if not was_smb1server or restart_needed_by:
with disable_file_system_redirection():
run_notfatal('msg * /time:360 Merci de redemarrer votre ordinateur pour terminer la reactivation du service serveur SMB1. Tranquil IT Systems.')
else:
print('No reboot required')
Reference in New Issue View Git Blame Copy Permalink