Ideally we would like to disable SMBv1, but unfortunately a blanket ban on SMBv1 can cause issues. The number of systems potentially using SMBv1 in a school is so large that a mandate to turn it off, delivered by a patch or CC4 update could cause chaos in some school's systems. CC4 itself has no requirement for SMBv1, but we cannot guarantee the rest of your school's systems, including ones that could be critical to safeguarding, child safety as well as education could make this move.
The advice to respond to MS17-010 - WannaCrypt is to patch - remember the HyperV physical servers, if you have them, as these are often found unpatched or waiting to install a patch from some time ago.
If you cannot patch a device, then disabling SMBv1 can be used (though resolution of why you cannot patch a device should be high on your to-do list). If you blanket ban SMBv1 on your network, you may cause significant issues.
The problem is that disabling SMBv1 could affect all those other, often forgotten, systems on the network - Signage, Cashless Catering, Visitor Entry Systems, BMS, CCTV, VLE - as well as potentially any older Mac OSX, IOS, Android, BYOD, guests and potentially systems brought into your school by social services / council employees etc. Even older versions of Smoothwall (pre-Inverness release) uses SMBv1 to contact your domain controllers, so user based filtering rules will not work.
There will be other systems not listed - so patch now - and then plan a project to remove SMBv1 later when it can be done in a controlled manner.
The actual disabling of SMBv1 is not hard at all (give us a call about it if you like, we are happy to help) - wrangling your suppliers to make everything work is potentially a far greater challenge.