The first step in creating a file server is to harden it. A file server can contain sensitive information, and you should take reasonable steps to avoid some of the common attack mechanisms and adopt best security practice. Security is a good thing, but be careful! By locking down your SMB file server too hard, you can lock some users out of the server. SMB 1.0 has a number of weaknesses and in general should be removed. But if you disable SMB 1.0, you may find that older computers (for example, those running Windows XP) lose the ability to access shared data.
This recipe helps you to harden a single file server, FS1, which has locally attached storage. The server is domain joined and has the full GUI. FS1 has only the default services, plus the FileServer feature loaded. To add the FileServer feature to Windows, you could do this:
Install-WindowsFeature -Name FS-FileServer `
-IncludeManagementTools
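The SMB 1.0 trade-off described above can be checked before anything is switched off. The following is an added example, not code from the original recipe: it audits which clients still connect with SMB 1.0 and only then offers to disable the protocol. The seven-day observation window and the English "Client Address:" text of event 3000 are assumptions.

```powershell
# Added example: run in an elevated session on the file server (FS1 on this page).
# Assumption: a 7-day observation window is long enough to see every legacy client.
$ObservationDays = 7

$Config = Get-SmbServerConfiguration
if (-not $Config.EnableSMB1Protocol) {
    Write-Output 'SMB 1.0 is already disabled on this server.'
    return
}

# Step 1: make sure SMB1 access auditing is on, then wait for data to accumulate.
if (-not $Config.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Confirm:$false
    Write-Warning "SMB1 auditing was off and is now on. Re-run in $ObservationDays days."
    return
}

# Step 2: collect the SMB1 access events (ID 3000) logged during the window.
$Filter = @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$ObservationDays)
}
$Events = @(Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue)

# Step 3: pull the client address out of each event message.
# Assumption: the message contains a line of the form "Client Address: <address>".
$Clients = $Events |
    ForEach-Object {
        if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
    } |
    Group-Object |
    Sort-Object -Property Count -Descending |
    Select-Object -Property @{ Name = 'Client'; Expression = { $_.Name } }, Count

# Step 4: disable SMB 1.0 only when no client depended on it during the window.
if ($Clients) {
    Write-Warning 'These clients still use SMB 1.0 and would lose access:'
    $Clients | Format-Table -AutoSize
}
else {
    # The cmdlet prompts for confirmation by default; the prompt is left on deliberately.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false
}
```

If clients are listed, upgrade or retire them first, then run the script again so the disable step is reached with an empty audit log.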