Monday, January 17, 2022
HomeWindowsHow to Check, Enable or Disable SMB Protocol Versions on Windows?

How to Check, Enable or Disable SMB Protocol Versions on Windows?

The Server Information Block (SMB) community protocol is utilized to share and accessibility folders, information, printers, and other equipment around community (TCP port 445). In this posting, we will glance at which variations (dialects) of SMB are obtainable in various variations of Home windows (and how they relate to samba variations on Linux) how to test the SMB variation in use on your computer system and how to empower or disable the SMBv1, SMBv2, and SMBv3 dialects.

SMB Protocol Variations in Home windows

There are many variations of the SMB protocol (dialects) that have continually appeared in new Home windows variations (and samba) :

  • CIFS – Home windows NT four.
  • SMB one. – Home windows 2000
  • SMB two. – Home windows Server 2008 and Home windows Vista SP1 (supported in Samba three.six)
  • SMB two.one – Home windows Server 2008 R2 and Home windows seven (Samba four.)
  • SMB three. – Home windows Server 2012 and Home windows eight (Samba four.two)
  • SMB three.02 – Home windows Server 2012 R2 and Home windows eight.one (not supported in Samba)
  • SMB three.one.one – Home windows Server 2016 and Home windows ten (not supported in Samba)

Samba is utilized to carry out the SMB protocol in Linux/Unix . Samba four.fourteen and more recent works by using SMB two.one by default.

In SMB community interaction, the consumer and server use the greatest SMB protocol variation supported by both equally the consumer and the server.

The summary desk of SMB variation compatibility appears to be like this. Employing this desk, you can figure out the variation of the SMB protocol that is chosen when various variations of Home windows interact:

Running Procedure
Home windows ten, Earn Server 2016
Home windows eight.one, Earn Server 2012 R2
Home windows eight,Server 2012
Home windows seven,Server 2008 R2
Home windows Vista,Server 2008
Home windows XP, Server 2003 and before

Home windows ten, Home windows Server 2016
SMB three.one.one
SMB three.02
SMB three.
SMB two.one
SMB two.
SMB one.

Home windows eight.one, Server 2012 R2
SMB three.02
SMB three.02
SMB three.
SMB two.one
SMB two.
SMB one.

See also  how to reset windows 7 without password
See also  Download f.lux for Windows 10 Free (2021)

Home windows eight, Server 2012
SMB three.
SMB three.
SMB three.
SMB two.one
SMB two.
SMB one.

Home windows seven, Server 2008 R2
SMB two.one
SMB two.one
SMB two.one
SMB two.one
SMB two.
SMB one.

Home windows Vista, Server 2008
SMB two.
SMB two.
SMB two.
SMB two.
SMB two.
SMB one.

Home windows XP, 2003 and before
SMB one.
SMB one.
SMB one.
SMB one.
SMB one.
SMB one.

For case in point, if a consumer computer system managing Home windows eight.one connects to a file server with Home windows Server 2016, the SMB three..two protocol will be utilized.

In accordance to the desk, Home windows XP and Home windows Server 2003 can use only SMB one. to accessibility shared folders and information. The SMBv1 is disabled in more recent variations of Home windows Server (2012 R2/2016). So, if you are continue to working with Home windows XP and Home windows Server 2003 equipment on your community, they will not be equipped to accessibility shared folders on the file server managing Home windows Server 2016.

If Home windows Server 2019/2016 with disabled SMB v1. is utilized as a area controller, then Home windows XP/Server 2003 clientele will not be equipped to accessibility the SYSVOL and NETLOGON folders on area controllers and authenticate with Advert.

You may perhaps get the subsequent mistake when seeking to join to a shared folder on a file server with SMBv1 disabled:

The specified community identify is no lengthier obtainable

How to Look at SMB Model on Home windows?

Let us glance on how to locate out which variations of the SMB are enabled on your Home windows product.

On Home windows ten/eight.one and Home windows Server 2019/2016/2012R2, you can test the standing of numerous dialects of the SMB protocol working with PowerShell:

Get-SmbServerConfiguration | choose EnableSMB1Protocol,EnableSMB2Protocol

This command returned that the SMB1 protocol is disabled (EnableSMB1Protocol = Real), and the SMB2 and SMB3 protocols are enabled (EnableSMB1Protocol = Phony).

Take note that the SMBv3 and SMBv2 protocols are intently linked. You are not able to disable or empower SMBv3 or SMBv2 independently. They are often enabled/disabled only alongside one another mainly because they share the identical stack.

On Home windows seven, Vista, and Home windows Server 2008 R2/2008:

Get-Product HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters | ForEach-Item {Get-ItemProperty $_.pspath}

If there are no parameters named SMB1 or SMB2 in this registry vital, then the SMBv1 and SMBv2 protocols are enabled by default.

See also  [TOP 23] Best MAC Emulator for Windows OS (Operating System)

Checking smb version on Windows 7 SP1

Also on these Home windows variations, you can test which SMB consumer dialects are permitted to join to distant hosts:

sc.exe question mrxsmb10

Assistance_Identify: mrxsmb10
Variety : two FILE_Procedure_DRIVER
Condition : four Operating
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE :  (0x0)
Assistance_EXIT_CODE :  (0x0)
CHECKPOINT : 0x0
Hold out_Trace : 0x0

sc.exe question mrxsmb20

Assistance_Identify: mrxsmb20
Variety : two FILE_Procedure_DRIVER
Condition : four Operating
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE :  (0x0)
Assistance_EXIT_CODE :  (0x0)
CHECKPOINT : 0x0
Hold out_Trace : 0x0

In both equally instances, the solutions are managing (Condition = four Operating). This suggests that the present Home windows product can join to both equally SMBv1 and SMBv2 hosts.

See also  Download Windows 10 Themes & Themepacks

Examining Utilised SMB Dialects with Get-SMBConnection

When speaking around SMB, pcs use the greatest SMB variation supported by both equally the consumer and the server. The Get-SMBConnection PowerShell cmdlet can be utilized to test the SMB variation utilized to accessibility a distant computer system:

How to find out what SMB dialect is in use using Get-SmbConnection cmdlet

The SMB variation utilized to join to the distant server (ServerName) is mentioned in the Dialect column.

You can show facts about the SMB variations utilized to accessibility a unique server:

Get-SmbConnection -ServerName srvfs01

If you want to show if SMB encryption is in use (released in SMB three.):

Get-SmbConnection | ft ServerName,ShareName,Dialect,Encrypted,UserName

On Linux, you can show a listing of SMB connections and utilized dialects in samba working with the command:

$ sudo smbstatus

On the Home windows SMB server facet, you can show a listing of the variations of the SMB protocols that the clientele are at present working with. Operate the command:

Get-SmbSession | Find-Item -ExpandProperty Dialect | Type-Item -Exclusive

Get-SmbSession used Dialect versionsIn this case in point, there are 898 clientele linked to the server working with SMB two.one (Home windows seven/ Home windows 2008 R2) and eight SMB three.02 clientele.

You can use PowerShell to empower auditing of the SMB variations utilized for the relationship:

Established-SmbServerConfiguration –AuditSmb1Access $accurate

SMB relationship activities can then be exported from Party Viewer logs:

Get-WinEvent -LogName Microsoft-Home windows-SMBServer/Audit

End Employing the Insecure SMBv1 Protocol

About the previous couple yrs, Microsoft has systematically disabled the legacy SMB one. protocol in all goods for stability motives. This is owing to the significant quantity of essential vulnerabilities in this protocol (try to remember the incidents with wannacrypt and petya ransomware, which exploited a vulnerability in the SMBv1 protocol). Microsoft and other IT providers strongly suggest that you cease working with SMBv1 in your community.

See also  Download Windows 10 Themes & Themepacks

Nevertheless, disabling SMBv1 can lead to difficulties with accessing shared information and folders on more recent variations of Home windows ten (Home windows Server 2016/2019) from legacy clientele (Home windows XP, Home windows Server 2003), 3rd-get together OS (Mac OSX ten.eight Mountain Lion, Snow Leopard, Mavericks, aged Linux distros), aged NAS equipment.

If there are no legacy equipment still left on your community that assistance only SMBv1, be confident to disable this SMB dialect in Home windows.

If you have clientele managing Home windows XP, Home windows Server 2003, or other equipment that only assistance SMBv1, they should really be up-to-date or isolated.

How to Help and Disable SMBv1, SMBv2, and SMBv3 on Home windows?

Let us glance at strategies to empower and disable various SMB variations on Home windows. We’ll protect SMB consumer and server administration (they are various Home windows parts).

See also  Solved This Copy of Windows Is Not Genuine

Home windows ten, eight.one, and Home windows Server 2019/2016/2012R2:

Disable SMBv1 consumer and server:

Disable-WindowsOptionalFeature -On-line -FeatureName smb1protocol

Disable SMBv1 server only:

Established-SmbServerConfiguration -EnableSMB1Protocol $untrue

Help SMBv1 consumer and server:

Help-WindowsOptionalFeature -On-line -FeatureName smb1protocol

Help only SMBv1 server:

Established-SmbServerConfiguration -EnableSMB1Protocol $accurate

Disable SMBv2 and SMBv3 server:

Established-SmbServerConfiguration -EnableSMB2Protocol $untrue

Help SMBv2 and SMBv3 server:

Established-SmbServerConfiguration -EnableSMB2Protocol $accurate

Dsable smb2 using set-smbserverconfiguration cmdlet

Home windows seven, Vista, and Home windows Server 2008 R2/2008:

Disable SMBv1 server:

Established-ItemProperty -Route "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" SMB1 -Variety DWORD -Worth –Force

How to disable SMB 1 on Windows 7 via registry?

Help SMBv1 server:

Established-ItemProperty -Route "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" SMB1 -Variety DWORD -Worth one –Force

Disable SMBv1 consumer:

sc.exe config lanmanworkstation count= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 get started= disabled

Help SMBv1 consumer:

sc.exe config lanmanworkstation count= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 get started= vehicle

Disable SMBv2 server:

Established-ItemProperty -Route "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" SMB2 -Variety DWORD -Worth -Pressure

Help SMBv2 server:

Established-ItemProperty -Route "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" SMB2 -Variety DWORD -Worth one –Force

Disable SMBv2 consumer:

sc.exe config lanmanworkstation count= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 get started= disabled

Help SMBv2 consumer:

sc.exe config lanmanworkstation count= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 get started= vehicle

You can disable SMBv1 server on area joined pcs by deploying the subsequent registry parameter by means of the GPO:

  • Vital: HKEY_Area_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters
  • Identify: SMB1
  • Variety: REG_DWORD
  • Worth:

Established the registry parameter SMB2= in buy to disable the SMBv2 server.

To disable the SMBv1 consumer, you will need to propagate the subsequent registry placing:

  • Vital: HKEY_Area_MACHINESYSTEMCurrentControlSetservicesmrxsmb10
  • Identify: Start off
  • Variety: REG_DWORD
  • Worth: four
Xem thêm bài viết thuộc chuyên mục: Windows
RELATED ARTICLES

Most Popular

Recent Comments