Disable SMB1

In light of the recent details of SMBv1 being incredibly vulnerable¬† to attacks, it’d be a good idea to make sure that SMBv1 is disabled on your systems. There isn’t much reason to leave it enabled, it was deprecated in Windows Vista/Server 2k8, and unless you have an old NAS that requires SMBv1, you should be able to disable it without any harm.

The other benefit of disabling SMBv1, is that it forces your systems to use SMBv2 or v3, which perform better.

So, let’s go through how to disable it quickly and easily.

For Windows 8.1 and above, as well as Windows Server 2012 R2 and above, it’s just a simple PowerShell command.

To run Powershell as an Admin, please do the following:

  1. Click on Start
  2. Type in “Powershell” without the quotes
  3. Right click on “Powershell” and click run as administrator. Do not run Powershell ISE
  4. Click on “Allow” if a prompt comes up

Server2k12R2+

Open a PowerShell window as Admin

Remove-WindowsFeature FS-SMB1

If all goes well, you’ll get a message saying it was successful.

Win8.1+

Open a PowerShell window as Admin

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

You’ll get a message saying that it has succeeded.

For the remaining versions of Windows, the commands are a little different.

Win8/Server2k12

Open PowerShell window as Admin

Set-SmbServerConfiguration -EnableSMB1Protocol $false

Windows Vista/7/Server 2k8/2k8R2

Open PowerShell window as Admin

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Then restart the computer

Disabling SMBv1 is simple, quick, and highly important both from a security standpoint and a performance standpoint.

Leave a Reply

Your email address will not be published. Required fields are marked *