How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (2023)

  • Article
  • 9 minutes to read

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 11, Windows 10, Windows 8.1, Windows 8

This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components.

While disabling or removing SMBv1 might cause some compatibility issues with old computers or software, SMBv1 has significant security vulnerabilities, and we strongly encourage you not to use it.

Disabling SMBv2 or SMBv3 for troubleshooting

We recommend keeping SMBv2 and SMBv3 enabled, but you might find it useful to disable one temporarily for troubleshooting. For more information, see How to detect status, enable, and disable SMB protocols on the SMB Server.

In Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012, disabling SMBv3 deactivatesthe following functionality:

  • Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
  • Scale Out - concurrent access to shared data on all file cluster nodes
  • Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
  • SMB Direct - adds RDMA networking support for high performance, with low latency and low CPU use
  • Encryption - Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
  • Directory Leasing - Improves application response times in branch offices through caching
  • Performance Optimizations - optimizations for small random read/write I/O

In Windows 7 and Windows Server 2008 R2, disabling SMBv2deactivates the following functionality:

  • Request compounding - allows for sending multiple SMBv2 requests as a single network request
  • Larger reads and writes - better use of faster networks
  • Caching of folder and file properties - clients keep local copies of folders and files
  • Durable handles - allow for connection to transparently reconnect to the server if there's a temporary disconnection
  • Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
  • Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
  • Support for symbolic links
  • Client oplock leasing model - limits the data transferred between the client and server, improving performance on high-latency networks and increasing SMB server scalability
  • Large MTU support - for full use of 10 Gigabit Ethernet (GbE)
  • Improved energy efficiency - clients that have open files to a server can sleep

The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008, while the SMBv3 protocol was introduced in Windows 8 and Windows Server 2012. For more information about SMBv2 and SMBv3 capabilities, see the following articles:

  • Server Message Block overview
  • What's New in SMB

How to remove SMBv1 via PowerShell

Here are the steps to detect, disable and enable SMBv1 client and server by using PowerShell commands with elevation.

Note

The computer will restart after you run the PowerShell commands to disable or enable SMBv1.

  • Detect:

    Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  • Disable:

    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  • Enable:

    Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Tip

(Video) How to Enable-Disable SMB Protocol in Windows 8 || Windows 10 || Windows Server OS

You can detect SMBv1 status, without elevation, by running: Get-SmbServerConfiguration | Format-List EnableSMB1Protocol.

Windows Server 2012 Windows Server 2012 R2, Windows Server 2016, Windows Server 2019: Server Manager method

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (1)

To remove SMBv1 from Windows Server:

  1. On the Server Manager Dashboard of the server where you want to remove SMBv1, under Configure this local server, select Add roles and features.
  2. On the Before you begin page, select Start the Remove Roles and Features Wizard, and then on the following page, select Next.
  3. On the Select destination server page under Server Pool, ensure that the server you want to remove the feature from is selected, and then select Next.
  4. On the Remove server roles page, select Next.
  5. On the Remove features page, clear the check box for SMB 1.0/CIFS File Sharing Support and select Next.
  6. On the Confirm removal selections page, confirm that the feature is listed, and then select Remove.

Windows 8.1, Windows 10, and Windows 11: Add or Remove Programs method

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (2)

To disable SMBv1 for the mentioned operating systems:

  1. In Control Panel, select Programs and Features.
  2. Under Control Panel Home, select Turn Windows features on or off to open the Windows Features box.
  3. In the Windows Features box, scroll down the list, clear the check box for SMB 1.0/CIFS File Sharing Support and select OK.
  4. After Windows applies the change, on the confirmation page, select Restart now.

How to detect status, enable, and disable SMB protocols

Note

When you enable or disable SMBv2 in Windows 8 or Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

  • Server
  • Client

Windows 8 and Windows Server 2012 introduced the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

You don't have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

SMBv1

  • Detect:

    Get-SmbServerConfiguration | Select EnableSMB1Protocol
  • Disable:

    Set-SmbServerConfiguration -EnableSMB1Protocol $false
  • Enable:

    Set-SmbServerConfiguration -EnableSMB1Protocol $true

For more information, see Server storage at Microsoft.

SMB v2/v3

  • Detect:

    Get-SmbServerConfiguration | Select EnableSMB2Protocol
  • Disable:

    Set-SmbServerConfiguration -EnableSMB2Protocol $false
  • Enable:

    (Video) How to disable SMBv1 and enable SMB Signing on Windows through Group Policy

    Set-SmbServerConfiguration -EnableSMB2Protocol $true

For Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Additional PowerShell methods

Note

This method requires PowerShell 2.0 or later.

SMBv1 on SMB Server

Detect:

Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

Default configuration = Enabled (No registry named value is created), so no SMB1 value will be returned

Disable:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Enable:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

Note You must restart the computer after you make these changes.For more information, see Server storage at Microsoft.

SMBv2/v3 on SMB Server

Detect:

Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

Disable:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

Enable:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force

Note

You must restart the computer after you make these changes.

Registry Editor

Important

Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

(Video) How to disable SMBv1 and enable SMB Signing on Windows through Group Policy

To enable or disable SMBv1 on the SMB server, configure the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1REG_DWORD: 0 = DisabledREG_DWORD: 1 = EnabledDefault: 1 = Enabled(No registry key is created)

To enable or disable SMBv2 on the SMB server, configure the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB2REG_DWORD: 0 = DisabledREG_DWORD: 1 = EnabledDefault: 1 = Enabled(No registry key is created)

Note

You must restart the computer after you make these changes.

Disable SMBv1 by using Group Policy

This section introduces how to use Group Policy to disable SMBv1. You can use this method on different versions of Windows.

  • Server
  • Client

SMBv1

This procedure configures the following new item in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

  • Registry entry: SMB1
  • REG_DWORD: 0 = Disabled

To use Group Policy to configure this, follow these steps:

  1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

  2. In the console tree under Computer Configuration, expand the Preferences folder, and then expand the Windows Settings folder.

  3. Right-click the Registry node, point to New, and select Registry Item.

    How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (3)

In the New Registry Properties dialog box, select the following:

  • Action: Create
  • Hive: HKEY_LOCAL_MACHINE
  • Key Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  • Value name: SMB1
  • Value type: REG_DWORD
  • Value data: 0

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (4)

(Video) How to Enable or Disable SMBv2 in Windows 11/10

This procedure disables the SMBv1 Server components. This Group Policy mustbe applied to all necessary workstations, servers, and domain controllers in the domain.

Note

WMI filters can also be set to exclude unsupported operating systems or selected exclusions, such as Windows XP.

Important

Be careful when you makethese changes on domain controllers on which legacy Windows XP or older Linux and third-party systems (that don't support SMBv2 or SMBv3) require access to SYSVOL or other file shares where SMB v1 is being disabled.

Auditing SMBv1 usage

To determine which clients are attempting to connect to an SMB server with SMBv1, you can enable auditing on Windows Server 2016, Windows 10, and Windows Server 2019. You can also audit on Windows 7 and Windows Server 2008 R2 if the May 2018 monthly update is installed, and on Windows 8.1 and Windows Server 2012 R2 if the July 2017 monthly update is installed.

  • Enable:

    Set-SmbServerConfiguration -AuditSmb1Access $true
  • Disable:

    Set-SmbServerConfiguration -AuditSmb1Access $false
  • Detect:

    Get-SmbServerConfiguration | Select AuditSmb1Access

When SMBv1 auditing is enabled, event 3000 appears in the "Microsoft-Windows-SMBServer\Audit" event log, identifying each client that attempts to connect with SMBv1.

Summary

If all the settings are in the same GPO, Group Policy Management displays the following settings.

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (5)

Testing and validation

After completing the configuration steps in this article, allow the policy to replicate and update. As necessary for testing, run gpupdate /force at a command prompt, and then review the target computers to make sure that the registry settings are applied correctly. Make sure SMBv2 and SMBv3 are functioning for all other systems in the environment.

Note

Don't forget to restartthe targetsystems.

(Video) SMB II SMB Protocol II How to Enable SMBv3

FAQs

How do I disable SMB1 and enable SMB2? ›

Procedure
  1. From the Start menu, click Run....
  2. Type regedit in the Open field and click OK.
  3. Expand and locate the registry subtree as follows: ...
  4. Add a REG_DWORD key with the name of Smb2. ...
  5. Set the value to 0 to disable SMB2, or set it to 1 to re-enable SMB2.
  6. Restart the server.

How do I know if SMB encryption is enabled? ›

Enable SMB Encryption with Windows Admin Center

Click Files & file sharing. Click the File shares tab. To require encryption on a share, click on the share name and select Enable SMB encryption.

How do I check my SMB connection? ›

Test SMB Authentication
  1. From a system running Windows, open a Command Prompt.
  2. Type net use \\x.x.x.x\IPC$ * /user:Outpost24 replacing "x.x.x.x" with the IP address of the target system and replacing "Outpost24" with the username you need to test authentication with and press Enter.

How do I enable smb3 in Windows 10? ›

  1. Get-SmbServerConfiguration | Select EnableSMB2Protocol. To check if Encryption is enabled on server level, run below command:
  2. Get-SmbServerConfiguration | Select EncryptData. To check if Encryption is enabled for individual file share, run below command:
  3. Get-SmbShare -Name <sharename> | Select EncryptData.
Oct 13, 2020

How do I enable SMB2 protocol in Windows 10? ›

To enable SMB2 on Windows 10, you need to press the Windows Key + S, start typing and click on Turn Windows features on or off. You can also search the same phrase in Start, Settings. Scroll down to SMB 1.0/CIFS File Sharing Support and check that top box.

How do I enable SMBv3? ›

Procedure
  1. Go to Protocols > Windows Sharing (SMB) > Server Settings.
  2. In the Encryption section, under Enable SMBv3 encryption, select Use Custom.
  3. Check Enable SMBv3 encryption. Both encrypted and unencrypted clients are allowed access.

How to check SMB version Windows 10? ›

[Network] SMB1 Sharing Protocol on Windows 10
  1. Click and open the Search Bar in Windows 10. Type Windows Features in the search bar. ...
  2. Scroll down to SMB 1.0/CIFS File Sharing Support.
  3. Check the box net to SMB 1.0/CIFS File Sharing Support and all other child boxes will auto populate. ...
  4. Click Restart Now to reboot the computer.

Is SMBv1 enabled on Windows 10? ›

Since Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. It was superseded by SMBv2 and later protocols starting in 2007. Microsoft publicly deprecated the SMBv1 protocol in 2014.

How do I find my SMB server settings? ›

Configure SMB server settings
  1. Click Protocols > Windows Sharing (SMB) > SMB Server Settings .
  2. From the SMB service setting, select Enabled.
  3. From the Snapshot Directory Settings box, choose the system default or a custom configuration for the following settings: Visible at root. Accessible at root. ...
  4. Click Save.

How do I check network encryption mode? ›

To check the encryption type:
  1. Open the Settings app on your mobile device.
  2. Access the Wi-Fi connection settings.
  3. Find your wireless network on the list of available networks.
  4. Tap the network name or info button to pull up the network configuration.
  5. Check the network configuration for the security type.
Oct 19, 2017

How do I know what version of SMB I am running? ›

Open Powershell as an Administrator. Right click on the icon and say "Run as Administrator". Now, you're going to run 2 commands within 10 seconds or else Windows closes the ports as unused. Run Get-SmbConnection : your "Dialect" column is the version of your SMB.

How do I set up SMB sharing in Windows 10? ›

4. Windows 10
  1. Right click on the created folder and select Properties.
  2. Click on the Sharing tab.
  3. Click the Share button.
  4. Type "Everyone" in the text box and click Add. ...
  5. The folder is now shared. ...
  6. Click on Advanced Sharing to check the advanced share properties.
Feb 21, 2021

Does Windows 10 have SMB3? ›

SMB v3 adds more performance and security enhancements to the protocol. For example, SMB multichannel and end-to-end encryption were introduced in SMB3. SMB 3.1. 1 — the latest version of Windows SMB — was released along with Server 2016 and Windows 10.

Does Windows 10 have SMB 3? ›

SMB3 supported by all versions/editions of Windows 10.

Should you disable SMBv2? ›

We recommend that you do not disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.

Can SMB1 and SMB2 be enabled at the same time? ›

They are always enabled/disabled only together because they share the same stack. If there are no parameters named SMB1 or SMB2 in this registry key, then the SMBv1 and SMBv2 protocols are enabled by default. In both cases, the services are running ( STATE = 4 Running ).

How do I change my SMB permissions? ›

From the list of SMB shares, locate the share you want to modify and then click View details. For each setting that you want to modify, click Edit, make the change, and then click Save. To modify the settings for file and directory permissions, performance, or security, click Advanced SMB Share Settings. Click Save.

How do I unblock my SMB port? ›

Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP > Inbound Rules. Right-click and choose New Rule. Choose Port and click Next. Choose TCP and at specific local ports enter 135, 445, then click Next.

What is Windows smbv3? ›

SMB 3.0 (Server Message Block 3.0) is a protocol that provides a way for a computer's client applications to read and write to files and to request services from server programs in a computer network. SMB 3.0 was originally introduced with Windows Server 2012 as SMB 2.2.

How do I enable smb3 on Windows 11? ›

Find Windows PowerShell app and click on “Run as administrator” link to open the app in admin mode.
  1. Open PowerShell as Administrator.
  2. Check SMB Status in Windows PC.
  3. Enable SMB from Windows PowerShell.
  4. Open Programs in Control Panel.
  5. Turn On or Off Windows Features.
  6. Enable SMB in Windows Features.
Aug 10, 2022

Does disabling SMB1 break anything? ›

When we disable SMBv1, we might break the functionality these other solutions offer to our infrastructure. This is undesirable. Therefore, we report on SMBv1, SMBv2 and SMB null sessions, before we disable any of them.

Does disabling SMBv1 require a reboot? ›

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

How do I fix my SMB1 protocol? ›

Cannot Connect to File Share
  1. On your computer, open Control Panel. Click Programs.
  2. Click on Turn Windows features on or off link.
  3. Expand the SMB 1.0/CIFS File Sharing Support option. Check the box SMB 1.0/CIFS Client.
  4. Click the OK button.
  5. Restart the computer now.
Feb 18, 2022

How do I access SMB server from Windows? ›

Accessing Samba shares from a Windows desktop
  1. Log on to a Windows computer that is joined to the domain with an Active Directory user account.
  2. Click Start > Windows Explorer, then navigate to the domain. ...
  3. Select the Linux or UNIX computer that is integrated with Samba to view its Samba shares.

How do I set up SMB on Windows? ›

Create an SMB file share symbol store
  1. Open File Explorer.
  2. Select and hold (or right-click) the D:\SymStore\Symbols folder and select Properties.
  3. Select the Sharing tab.
  4. Select Advanced Sharing.
  5. In Advanced Sharing, select the Share this folder checkbox, and then select Permissions.
Dec 29, 2022

How do you check if your device is encrypted? ›

iOS devices: Open Settings > Face ID & Passcode > enter your passcode. Then, look for Data protection is enabled at the bottom of the screen. If you see it, encryption is on. Android devices: Select Settings > Security > Encrypt Device and follow the on-screen instructions.

How do you tell if a device is encrypted? ›

You can check the encryption status for Android devices by navigating to Settings > Security > Encryption. This tab shows whether the device is encrypted or not.

Does factory reset remove encryption? ›

The data on most Android phones is encrypted which means that it can't be accessed following a factory reset. As such, you don't need to worry about another person accessing this information if you sell your Android phone.

What ports need to be open for SMB? ›

SMB is a network file sharing protocol that requires an open port on a computer or server to communicate with other systems. SMB ports are generally port numbers 139 and 445.

What is the default drive set up for sharing files using SMB 3.0 protocol? ›

AES-128-GCM is the default for new Windows versions, while older versions will continue to use AES-128-CCM.

How do I enable SMB v3? ›

Go to Protocols > Windows Sharing (SMB) > Server Settings. In the Encryption section, under Enable SMBv3 encryption, select Use Custom. Check Enable SMBv3 encryption. Both encrypted and unencrypted clients are allowed access.

How do I find my SMB version in Windows 10? ›

[Network] SMB1 Sharing Protocol on Windows 10
  1. Click and open the Search Bar in Windows 10. Type Windows Features in the search bar. ...
  2. Scroll down to SMB 1.0/CIFS File Sharing Support.
  3. Check the box net to SMB 1.0/CIFS File Sharing Support and all other child boxes will auto populate. ...
  4. Click Restart Now to reboot the computer.

Is SMB2 enabled by default? ›

If there are no parameters named SMB1 or SMB2 in this registry key, then the SMBv1 and SMBv2 protocols are enabled by default. In both cases, the services are running ( STATE = 4 Running ). This means that the current Windows device can connect to both SMBv1 and SMBv2 hosts.

Is SMB disabled by default? ›

Summary. Since Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. It was superseded by SMBv2 and later protocols starting in 2007.

Videos

1. Why and how to disable SMB1 on Windows 10
(TheWindowsClub)
2. How to enable or disable SMBv1 in Windows 7 (Description below)
(Britt Tech)
3. ✔️❌ Enable or disable SMB2 or SMB1 Windows 11
(Solvetic English)
4. Disable SMB Version 1 Using Group Policy Objects
(Shoestring Networks)
5. How to enable/disable SMBv1 in Registry Editor, Windows 10
(SwapnilTech)
6. ✅ ENABLE SMB1 or SMB2 Windows Server 2022
(Solvetic English)
Top Articles
Latest Posts
Article information

Author: Van Hayes

Last Updated: 03/16/2023

Views: 6192

Rating: 4.6 / 5 (46 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Van Hayes

Birthday: 1994-06-07

Address: 2004 Kling Rapid, New Destiny, MT 64658-2367

Phone: +512425013758

Job: National Farming Director

Hobby: Reading, Polo, Genealogy, amateur radio, Scouting, Stand-up comedy, Cryptography

Introduction: My name is Van Hayes, I am a thankful, friendly, smiling, calm, powerful, fine, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.