How to Enable or Disable SMB1 File Sharing Protocol in Windows
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Although its main purpose is file sharing, additional Microsoft SMB Protocol functionality includes the following:
For security reasons, Microsoft recommends that you disable SMB1 immediately. Ransomware targets the vulnerabilities of the SMB service of the Windows operating system to propagate. To defend yourself against WannaCrypt ransomware it is imperative that you disable SMB1 as well as install the patches released by Microsoft.
When you use SMB1, you lose key protections offered by later SMB protocol versions:
Starting in Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMB1) network protocol is no longer installed (enabled) by default. It was superseded by SMB2 and later protocols starting in 2007. Microsoft publicly deprecated the SMB1 protocol in 2014.
SMB1 has the following behavior in Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3):
SMB1 has the following behavior change starting in Windows 10 Spring Creators Update version 1803 (RS4):
If you try to connect to devices that support only SMB1, or if these devices try to connect to you, you may receive an error message if SMB1 is disabled.
For more reference material about SMB1, see:
This tutorial will show you how to enable or disable the SMB 1.0/CIFS File Sharing Support protocol feature in Windows 7, Windows 8, Windows 8.1, and Windows 10.
To Enable or Disable SMB1 in Windows 7 using PowerShell
1. Open an elevated PowerShell.
2. Type the command below you want to use into the elevated PowerShell, and press Enter.
(Disable SMB1)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
OR
(Enable SMB1)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 –Force
3. Close the elevated PowerShell, and restart the computer to apply.
To Enable or Disable SMB1 in Windows 8 using PowerShell
1. Open an elevated PowerShell.
2. Type the command below you want to use into the elevated PowerShell, and press Enter.
(Disable SMB1)
Set-SmbServerConfiguration -EnableSMB1Protocol $false
OR
(Enable SMB1)
Set-SmbServerConfiguration -EnableSMB1Protocol $true
3. Close the elevated PowerShell, and restart the computer to apply.
To Enable or Disable SMB1 in Windows 8.1 and Windows 10 using Windows Features
1. Open the Control Panel (icons view), and click/tap on the Programs and Features icon.
2. Click/tap on the Turn Windows features on or off link on the left side. (see screenshot below)
This will open the C:\Windows\System32\OptionalFeatures.exe file.
3. Check (enable) or uncheck (disable) the SMB 1.0/CIFS File Sharing Support feature for what you want, and click/tap on OK. (see screenshot below)
If you like, you could also only check SMB 1.0/CIFS Client or SMB 1.0/CIFS Server for what you want.
4. When ready, click/tap on the Restart now button to immediately restart the computer to apply. (see screenshot below)
To Enable or Disable SMB1 in Windows 8.1 and Windows 10 using Command Prompt
1. Open an elevated Command Prompt.
2. Type the command below into the elevated command prompt, and press Enter to see if SMB1 is currently enabled or disabled. (see screenshots below)
3. Type the command below you want to use into the elevated command prompt, and press Enter. (see screenshots below)
(Disable SMB1)
OR
(Enable SMB1)
4. When prompted and ready, type y to immediately restart the computer to apply.
OPTION FIVE
To Enable or Disable SMB1 in Windows 8.1 and Windows 10 using PowerShell
1. Open an elevated PowerShell.
2. Type the command below into the elevated PowerShell, and press Enter to see if SMB1 is currently enabled or disabled. (see screenshots below)
3. Type the command below you want to use into the elevated PowerShell, and press Enter. (see screenshots below)
(Disable SMB1)
OR
(Enable SMB1)
4. When prompted and ready, type y and press Enter to immediately restart the computer to apply.
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Although its main purpose is file sharing, additional Microsoft SMB Protocol functionality includes the following:
- Dialect negotiation
- Determining other Microsoft SMB Protocol servers on the network, or network browsing
- Printing over a network
- File, directory, and share access authentication
- File and record locking
- File and directory change notification
- Extended file attribute handling
- Unicode support
- Opportunistic locks
For security reasons, Microsoft recommends that you disable SMB1 immediately. Ransomware targets the vulnerabilities of the SMB service of the Windows operating system to propagate. To defend yourself against WannaCrypt ransomware it is imperative that you disable SMB1 as well as install the patches released by Microsoft.
When you use SMB1, you lose key protections offered by later SMB protocol versions:
- Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
- Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
- Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
- Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
- Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.
Starting in Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMB1) network protocol is no longer installed (enabled) by default. It was superseded by SMB2 and later protocols starting in 2007. Microsoft publicly deprecated the SMB1 protocol in 2014.
SMB1 has the following behavior in Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3):
- SMB1 now has both client and server sub-features that can be uninstalled separately.
- Windows 10 Enterprise and Windows 10 Education no longer contain the SMB1 client or server by default after a clean installation.
- Windows Server 2016 no longer contains the SMB1 client or server by default after a clean installation.
- Windows 10 Home and Windows 10 Professional no longer contain the SMB1 server by default after a clean installation.
- Windows 10 Home and Windows 10 Professional still contain the SMB1 client by default after a clean installation.
If the SMB1 client is not used for 15 days in total (excluding the computer being turned off), it automatically uninstalls itself. - In-place
upgrades and Insider flights of Windows 10 Home and Windows 10
Professional do not automatically remove SMB1 initially.
If the SMB1 client or server is not used for 15 days in total (excluding the time during which the computer is off), they each automatically uninstall themselves. - In-place upgrades and Insider flights of Windows 10 Enterprise and Windows 10 Education do not automatically remove SMB1. An administrator must decide to uninstall SMB1 in these managed environments.
Automatic removal of SMB1 after 15 days is a one-time operation.If an administrator re-installs SMB1, no further attempts will be made to uninstall it.- The SMB version 2.02, 2.1, 3.0, 3.02, and 3.1.1 features are still fully supported and included by default as part of the SMB2 binaries.
- Because the Computer Browser service relies on SMB1, the service is uninstalled if the SMB1 client or server is uninstalled. This means that Explorer Network can no longer display Windows computers through the legacy NetBIOS datagram browsing method.
- SMB1 can still be reinstalled in all editions of Windows 10 and Windows Server 2016.
SMB1 has the following behavior change starting in Windows 10 Spring Creators Update version 1803 (RS4):
- SMB1 will no longer be automatically disabled, but you will have to enable it (if wanted) and restart the computer to apply.
If you try to connect to devices that support only SMB1, or if these devices try to connect to you, you may receive an error message if SMB1 is disabled.
For more reference material about SMB1, see:
- Microsoft SMB Protocol and CIFS Protocol Overview (Windows)
- Stop using SMB1 | Storage at Microsoft
- How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
- SMB1 Product Clearinghouse | Storage at Microsoft
- SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709
This tutorial will show you how to enable or disable the SMB 1.0/CIFS File Sharing Support protocol feature in Windows 7, Windows 8, Windows 8.1, and Windows 10.
OPTION ONE
1. Open an elevated PowerShell.
2. Type the command below you want to use into the elevated PowerShell, and press Enter.
(Disable SMB1)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
OR
(Enable SMB1)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 –Force
OPTION TWO
1. Open an elevated PowerShell.
2. Type the command below you want to use into the elevated PowerShell, and press Enter.
(Disable SMB1)
Set-SmbServerConfiguration -EnableSMB1Protocol $false
OR
(Enable SMB1)
Set-SmbServerConfiguration -EnableSMB1Protocol $true
OPTION THREE
1. Open the Control Panel (icons view), and click/tap on the Programs and Features icon.
2. Click/tap on the Turn Windows features on or off link on the left side. (see screenshot below)
This will open the C:\Windows\System32\OptionalFeatures.exe file.
3. Check (enable) or uncheck (disable) the SMB 1.0/CIFS File Sharing Support feature for what you want, and click/tap on OK. (see screenshot below)
If you like, you could also only check SMB 1.0/CIFS Client or SMB 1.0/CIFS Server for what you want.
4. When ready, click/tap on the Restart now button to immediately restart the computer to apply. (see screenshot below)
OPTION FOUR
1. Open an elevated Command Prompt.
2. Type the command below into the elevated command prompt, and press Enter to see if SMB1 is currently enabled or disabled. (see screenshots below)
Dism /online /Get-Features /format:table | find "SMB1Protocol"
3. Type the command below you want to use into the elevated command prompt, and press Enter. (see screenshots below)
(Disable SMB1)
Dism /online /Disable-Feature /FeatureName:"SMB1Protocol"
OR
(Enable SMB1)
Dism /online /Enable-Feature /FeatureName:"SMB1Protocol" -All
4. When prompted and ready, type y to immediately restart the computer to apply.
OPTION FIVE
1. Open an elevated PowerShell.
2. Type the command below into the elevated PowerShell, and press Enter to see if SMB1 is currently enabled or disabled. (see screenshots below)
Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
3. Type the command below you want to use into the elevated PowerShell, and press Enter. (see screenshots below)
(Disable SMB1)
Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
OR
(Enable SMB1)
Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" -All
4. When prompted and ready, type y and press Enter to immediately restart the computer to apply.