1

Apart from File Sharing, what are good reasons to not disable the Windows SMB service by default in a corporate environment?

This protocol seems to have a lot of security vulnerabilities and has been used extensively for malicious lateral moves within the network.

Andre
  • What do you mean by "SMB Service"? The (lanman)server or the SMB protocol? – marsh-wiggle Nov 09 '18 at 17:11
  • SMB1 should definitely be disabled. I would use the Windows Firewall for any other blocks instead of disabling the Server service entirely, because you may need to have exceptions and a way to manage them. – Greg Askew Nov 09 '18 at 17:42

2 Answers

4

When Windows servers are used in a corporate environment, they mostly use an Active Directory infrastructure. At least there SMB (used by shares and share access by clients) is indispensable.

Domain Controller
In an Active Directory environment at least domain controllers definitely need administrative shares ...

You may receive errors when you try to perform administrative tasks on a domain controller. For example, MMC snap-ins such as Active Directory Users and Computers or Active Directory Sites and Services may not start, and you may receive an error message that is similar to the following:

quote from: Overview of problems that may occur when administrative shares are missing

... especially, for replication purposes, when you have multiple domain controllers:

Domain controllers without SYSVOL shared cannot replicate inbound because of upstream (source) domain controllers being in an error state.

quote from: DFS Replication: How to troubleshoot missing SYSVOL and Netlogon shares

To access an (administrative) share, SMB is needed.

Domain Clients
Workstations and domain member servers need the workstation service (also SMB) to access the domain controller to run logon scripts etc.

marsh-wiggle
3

The answer about SYSVOL is huge, so there's that. Also, a lot of workstation management/software deployment technologies depend on the target workstations having a c$ share for file distribution.

mfinni
  • Not just file distribution, almost any sort of remote management depends on SMB, e.g., if you want to reboot a computer, see who is logged on, etc., etc. – Harry Johnston Nov 09 '18 at 21:28
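
One way to follow the suggestion in the comments (disable SMB1 and use Windows Firewall instead of stopping the Server service) while keeping the shares the answers describe, as an added example that is not part of the original thread. The `$MgmtSubnets` range and the `-Apply` switch are constructed for illustration, and the script assumes an elevated session on an English-language Windows installation.

```powershell
# Added example, not from the original thread. Run elevated.
# Assumptions: $MgmtSubnets is a constructed placeholder; English display group name.
param(
    [string[]]$MgmtSubnets = @('10.0.10.0/24'),  # constructed sample range
    [switch]$Apply                                # without -Apply: report only
)

# DomainRole 4/5 = domain controller: clients need SYSVOL/NETLOGON over SMB there.
$isDC = (Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4

# 1. Server-side protocol state.
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    IsDomainController = $isDC
    SMB1Enabled        = $cfg.EnableSMB1Protocol
    SMB2Enabled        = $cfg.EnableSMB2Protocol
    SigningRequired    = $cfg.RequireSecuritySignature
}

# 2. Shares that AD replication and remote management rely on.
Get-SmbShare | Where-Object { $_.Special -or $_.Name -in 'SYSVOL', 'NETLOGON' } |
    Select-Object Name, Path, Special

# 3. Current sessions; a dialect below 2 means that client still negotiates SMB1.
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect

# 4. Enabled inbound firewall rules that open TCP 445, with their current scope.
$smbRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445'
    }
$smbRules | Select-Object DisplayName, Profile,
    @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }

if ($Apply) {
    # Turn off only the SMB1 dialect; the Server service keeps running.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($isDC) {
        Write-Warning 'Domain controller: inbound SMB scope left unchanged.'
    } elseif ($smbRules) {
        # Member servers and workstations: accept SMB only from management ranges.
        $smbRules | Set-NetFirewallRule -RemoteAddress $MgmtSubnets
    }
}
```

Run it without `-Apply` first and review the session and share output; the scope change is skipped on domain controllers because domain clients must reach SYSVOL and NETLOGON there.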