I have a couple of old SIEMENS CNCs that only talk to windows SMBv1 network shares for network data transfer. Our network shares are provided by Server 2019 where SMBv1 is defaulted to disabled (presumably for good reason).
What would be secure way of setting up a SMBv1 share on the server? If I enabled that feature, can it be limited to just one share or user or IP address?
Windows doesn't have functionality to limit the SMB protocol version to specific shares.
It seems promising, at first, to restrict access to TCP port 139 to the SMBv1 clients' IP addresses. Only SMBv1 over NBT (NetBIOS over TCP) can run on port 139. That's not workable, though, because SMBv1 will also be exposed over TCP port 445 if it's enabled, and presumably you have other clients you do not want to expose SMBv1 to.
I think you're going to be stuck dedicating an OS instance (either a license of Windows Server or, if you're game, a Samba installation on a Free/Open Source OS) to expose to the SMBv1 clients.
Use OS firewall rules (or whatever external packet filter you like) to limit the exposure of this server to the SMBv1 clients only. Script either a pull or push from this server to a file share on another server running SMBv2+ only.