<# # It is recommended to test the script on a local machine for its purpose and effects. # ManageEngine Endpoint Central will not be responsible for any # damage/loss to the data/setup based on the behavior of the script. # Description: Script is designed to list SMB (SMB1/SMB2) & TLS (TLS 1.0/TLS 1.1/TLS 1.2/TLS 1.3) versions # Configuration Type - COMPUTER #> # Check SMB1 status $SMB1Status = (Get-SmbServerConfiguration).EnableSMB1Protocol # Check SMB2 status $SMB2Status = (Get-SmbServerConfiguration).EnableSMB2Protocol # Display the status of SMB1 if ($SMB1Status -eq $true) { Write-Output "SMB1 is enabled." } else { Write-Output "SMB1 is disabled." } # Display the status of SMB2 if ($SMB2Status -eq $true) { Write-Output "SMB2 is enabled." } else { Write-Output "SMB2 is disabled." } # TLS version $ProtocolList = @("TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3") $ProtocolSubKeyList = @("Client", "Server") $DisabledByDefault = "DisabledByDefault" $Enabled = "Enabled" $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\" foreach ($protocol in $ProtocolList) { foreach ($subKey in $ProtocolSubKeyList) { $fullPath = Join-Path -Path $registryPath -ChildPath "$protocol\$subKey" # Check if the registry key exists if (Test-Path $fullPath) { # Check if the registry value "Enabled" is present and its value is "1" $isEnabled = (Get-ItemProperty -Path $fullPath -Name $Enabled -ErrorAction SilentlyContinue).$Enabled -eq 1 if ($isEnabled) { Write-Host "$protocol $subKey is enabled" } else { Write-Host "$protocol $subKey is not enabled" } } else { Write-Host "$protocol $subKey is not present" } } }