In light of the recent details of SMBv1 being incredibly vulnerable to attacks, it’d be a good idea to make sure that SMBv1 is disabled on your systems. There isn’t much reason to leave it enabled, it was deprecated in Windows Vista/Server 2k8, and unless you have an old NAS that requires SMBv1, you should be able to disable it without any harm.
The other benefit of disabling SMBv1, is that it forces your systems to use SMBv2 or v3, which perform better.
So, let’s go through how to disable it quickly and easily.
For Windows 8.1 and above, as well as Windows Server 2012 R2 and above, it’s just a simple PowerShell command.
To run Powershell as an Admin, please do the following:
- Click on Start
- Type in “Powershell” without the quotes
- Right click on “Powershell” and click run as administrator. Do not run Powershell ISE
- Click on “Allow” if a prompt comes up
Server2k12R2+
Open a PowerShell window as Admin
Remove-WindowsFeature FS-SMB1
If all goes well, you’ll get a message saying it was successful.
Win8.1+
Open a PowerShell window as Admin
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
You’ll get a message saying that it has succeeded.
For the remaining versions of Windows, the commands are a little different.
Win8/Server2k12
Open PowerShell window as Admin
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Windows Vista/7/Server 2k8/2k8R2
Open PowerShell window as Admin
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Then restart the computer
Disabling SMBv1 is simple, quick, and highly important both from a security standpoint and a performance standpoint.