How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub

The Server Message Block (SMB) network protocol is used to share and access folders, files, printers, and other devices over network ( TCP interface 445 ). In this article, we will look at which versions ( dialects ) of SMB are available in different versions of Windows ( and how they relate to samba versions on Linux ) ; how to check the SMB version in use on your calculator ; and how to enable or disable the SMBv1, SMBv2, and SMBv3 dialects .

SMB Protocol Versions in Windows

There are several versions of the SMB protocol ( dialects ) that have systematically appeared in new Windows versions ( and samba ) :

  • CIFS – Windows NT 4.0
  • SMB 1.0 – Windows 2000
  • SMB 2.0 – Windows Server 2008 and Windows Vista SP1 (supported in Samba 3.6)
  • SMB 2.1 – Windows Server 2008 R2 and Windows 7 (Samba 4.0)
  • SMB 3.0 – Windows Server 2012 and Windows 8 (Samba 4.2)
  • SMB 3.02 – Windows Server 2012 R2 and Windows 8.1 (not supported in Samba)
  • SMB 3.1.1 – Windows Server 2016 and Windows 10 (not supported in Samba)

Samba is used to implement the SMB protocol in Linux/Unix. Samba 4.14 and newer uses SMB 2.1 by default .
In SMB network communication, the node and server use the maximal SMB protocol adaptation supported by both the node and the waiter .
The compendious table of SMB adaptation compatibility looks like this. Using this board, you can determine the interpretation of the SMB protocol that is selected when different versions of Windows interact :

Operating System Windows 10, Win Server 2016 Windows 8.1, Win Server 2012 R2 Windows 8,Server 2012 Windows 7,Server 2008 R2 Windows Vista,Server 2008 Windows XP, Server 2003 and earlier
Windows 10, Windows Server 2016 SMB 3.1.1 SMB 3.02 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 8.1, Server 2012 R2 SMB 3.02 SMB 3.02 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 8, Server 2012 SMB 3.0 SMB 3.0 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 7, Server 2008 R2 SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.0 SMB 1.0
Windows Vista, Server 2008 SMB 2.0 SMB 2.0 SMB 2.0 SMB 2.0 SMB 2.0 SMB 1.0
Windows XP, 2003 and earlier SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0

For example, if a node calculator running Windows 8.1 connects to a file server with Windows Server 2016, the SMB 3.0.2 protocol will be used .
According to the table, Windows XP and Windows Server 2003 can use entirely SMB 1.0 to access shared folders and files. The SMBv1 is disabled in newer versions of Windows Server ( 2012 R2/2016 ). so, if you are still using Windows XP and Windows Server 2003 devices on your network, they won ’ t be able to access shared folders on the file waiter running Windows Server 2016 .
If Windows Server 2019/2016 with disable SMB v1.0 is used as a sphere accountant, then Windows XP/Server 2003 clients won ’ thyroxine be able to access the SYSVOL and NETLOGON folders on domain controllers and authenticate with AD .
You may receive the trace mistake when trying to connect to a shared folder on a file waiter with SMBv1 disabled :

The specified network name is no longer available

How to Check SMB Version on Windows?

Let ’ s search on how to find out which versions of the SMB are enabled on your Windows device .
On Windows 10/8.1 and Windows Server 2019/2016/2012R2, you can check the condition of versatile dialects of the SMB protocol using PowerShell :
Get-SmbServerConfiguration | select EnableSMB1Protocol,EnableSMB2Protocol
How to check which SMB version is enabled on Windows with PowerShell
This command returned that the SMB1 protocol is disabled ( EnableSMB1Protocol = True ), and the SMB2 and SMB3 protocols are enabled ( EnableSMB1Protocol = False ) .
note that the SMBv3 and SMBv2 protocols are close related. You can not disable or enable SMBv3 or SMBv2 individually. They are constantly enabled/disabled only together because they share the lapp batch .
On Windows 7, Vista, and Windows Server 2008 R2/2008 :
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
If there are no parameters named SMB1 or SMB2 in this register winder, then the SMBv1 and SMBv2 protocols are enabled by nonpayment .
Checking smb version on Windows 7 SP1
besides on these Windows versions, you can check which SMB client dialects are allowed to connect to remote hosts :
sc.exe query mrxsmb10

SERVICE_NAME: mrxsmb10
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

sc.exe query mrxsmb20

SERVICE_NAME: mrxsmb20
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

In both cases, the services are running ( STATE = 4 Running ). This means that the stream Windows device can connect to both SMBv1 and SMBv2 hosts .

Checking Used SMB Dialects with Get-SMBConnection

When communicating over SMB, computers use the utmost SMB version supported by both the node and the server. The Get-SMBConnection PowerShell cmdlet can be used to check the SMB interpretation used to access a distant calculator :
How to find out what SMB dialect is in use using Get-SmbConnection cmdlet
The SMB adaptation used to connect to the distant server ( ServerName ) is listed in the Dialect column .
You can display information about the SMB versions used to access a specific server :
Get-SmbConnection -ServerName srvfs01
If you want to display if SMB encoding is in function ( introduced in SMB 3.0 ) :
Get-SmbConnection | ft ServerName,ShareName,Dialect,Encrypted,UserName
On Linux, you can display a number of SMB connections and secondhand dialects in samba using the command : $ sudo smbstatus
On the Windows SMB server side, you can display a list of the versions of the SMB protocols that the clients are presently using. Run the command :
Get-SmbSession | Select-Object -ExpandProperty Dialect | Sort-Object -Unique
Get-SmbSession used Dialect versions In this exemplar, there are 898 clients connected to the server using SMB 2.1 ( Windows 7/ Windows 2008 R2 ) and 8 SMB 3.02 clients .
You can use PowerShell to enable audit of the SMB versions used for the connection :
Set-SmbServerConfiguration –AuditSmb1Access $true

SMB connection events can then be exported from Event Viewer logs :
Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit

Stop Using the Insecure SMBv1 Protocol

Over the past few years, Microsoft has systematically disabled the bequest SMB 1.0 protocol in all products for security reasons. This is ascribable to the bombastic number of critical vulnerabilities in this protocol ( remember the incidents with wannacrypt and petya ransomware, which exploited a vulnerability in the SMBv1 protocol ). Microsoft and other IT companies powerfully recommend that you stop using SMBv1 in your net .
however, disabling SMBv1 can cause problems with accessing shared files and folders on newer versions of Windows 10 ( Windows Server 2016/2019 ) from bequest clients ( Windows XP, Windows Server 2003 ), third-party OS ( Mac OSX 10.8 Mountain Lion, Snow Leopard, Mavericks, old Linux distros ), old NAS devices .
If there are no bequest devices left on your network that patronize merely SMBv1, be surely to disable this SMB dialect in Windows .
If you have clients running Windows XP, Windows Server 2003, or early devices that entirely support SMBv1, they should be updated or isolated .

How to Enable and Disable SMBv1, SMBv2, and SMBv3 on Windows?

Let ’ s spirit at ways to enable and disable different SMB versions on Windows. We ’ ll cover SMB customer and waiter management ( they are different Windows components ) .
Windows 10, 8.1, and Windows Server 2019/2016/2012R2 :
disable SMBv1 node and server :
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
disable SMBv1 server entirely :
Set-SmbServerConfiguration -EnableSMB1Protocol $false
enable SMBv1 client and server :
Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol
enable lone SMBv1 server :
Set-SmbServerConfiguration -EnableSMB1Protocol $true
disable SMBv2 and SMBv3 server :
Set-SmbServerConfiguration -EnableSMB2Protocol $false
enable SMBv2 and SMBv3 server :
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Dsable smb2 using set-smbserverconfiguration cmdlet
Windows 7, Vista, and Windows Server 2008 R2/2008 :
disable SMBv1 waiter :
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
How to disable SMB 1 on Windows 7 via registry?
enable SMBv1 waiter :
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 –Force
disable SMBv1 customer :
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

enable SMBv1 customer :
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

disable SMBv2 server :
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force
enable SMBv2 server :
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 –Force
disable SMBv2 client :
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

enable SMBv2 client :
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto

You can disable SMBv1 server on world joined computers by deploying the succeed register parameter through the GPO :

  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  • Name: SMB1
  • Type: REG_DWORD
  • Value: 0

Set the register argument SMB2=0 in order to disable the SMBv2 server.

To disable the SMBv1 node, you need to propagate the succeed register arrange :

  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10
  • Name: Start
  • Type: REG_DWORD
  • Value: 4
reference : https://thefartiste.com
Category : Tech

About admin

I am the owner of the website thefartiste.com, my purpose is to bring all the most useful information to users.

Check Also

articlewriting1

Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.