The steps below describe how to enable and disable the Server Message Block (SMB) versions SMBv1, SMBv2, and SMBv3 on the SMB server and SMB client. The SMBv2 protocol came in Windows Vista and Windows Server 2008, while SMBv3 came in Windows 8 and Windows Server 2012.
The procedures below are only applicable to the following Windows versions:
• Windows Vista Enterprise
• Windows Vista Business
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Windows 7 Enterprise
• Windows 7 Home Basic
• Windows 7 Home Premium
• Windows 7 Professional
• Windows 7 Ultimate
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Standard
• Windows 8
• Windows 8 Enterprise
• Windows 8 Pro
• Windows Server 2012 Datacenter
• Windows Server 2012 Essentials
• Windows Server 2012 Foundation
• Windows Server 2012 Standard
It is important to note:
It is not recommended to leave SMBv2 or SMBv3 deactivated. It should only be turned off temporarily for troubleshooting purposes. Leaving it deactivated may result in the deactivation of certain Windows server functions. The following features may be removed as a result of removing SMBv2 and SMBv3:
Disabling SMBv2 on Windows 7 and Windows Server 2008 R2 disables the following functions:
• Request compounding: This feature allows users to send many SMB 2 requests as a single network request.
• Increased reads and writes – greater utilization of faster networks
• Property caching for folders and files – clients maintain local copies of folders and files.
• Durable handles – when there is a temporary disconnection, it allows the connection to transparently reconnect to the server
• Improved message signing – hashing algorithm HMAC SHA-256 replaces MD5.
• Improved file sharing scalability – increases the number of users, shares, and open files per server
• Support for symbolic hyperlinks
• Client oplock leasing model – it automatically restricts the amount of data exchanged between the client and server, resulting in improved performance on high-latency networks and increased SMB server scalability.
• Large MTU support enables full utilization of 10-gigabyte (GB) Ethernet.
• Improved energy efficiency – clients with open files to a server can sleep.
Disabling SMBv3 on Windows 8 and Windows Server 2012 will disable the following as well as the previously listed functions:
• Transparent Failover enables clients to rejoin the cluster nodes without interruption during maintenance or failover.
• Scale Out – it enables concurrent access to shared data across all file cluster nodes.
• Multichannel – aggregation of network bandwidth and fault tolerance if many channels between client and server are available
• SMB Direct – provides RDMA networking functionality for extremely high performance, low latency, and minimal CPU consumption.
• Encryption – provides end-to-end encryption and completely protects against snooping on untrustworthy networks
• Directory Leasing – its caching functionality aids in improving application response times in branch offices
• Performance enhancements – enhancements for small random read/write I/O.
Disabling and Enabling SMB Protocols on the SMB Server
Microsoft Windows 8 and Windows Server 2012 provided a new cmdlet [Set-SMBServerConfiguration] in Windows PowerShell that enables and disables the SMBv1, SMBv2, and SMBv3 protocols on the server. Because the SMB protocols use the same stack, whether you enable or disable the Server Message Block version 2 (SMBv2) in Windows 8 or Windows Server 2012, the SMBv3 is also enabled or disabled. There is also no need to restart your system after running the Set-SMBServerConfiguration cmdlet.
Run the following command to obtain the current state of the SMB server protocol configuration:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
Run the following command to disable SMBv1 on the SMB server:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
By running the following command, you can disable SMBv2 and SMBv3 on the SMB server:
Set-SmbServerConfiguration -EnableSMB2Protocol $false
Run the following command to enable SMBv1 on the SMB server:
Set-SmbServerConfiguration -EnableSMB1Protocol $true
Run the following command to enable SMBv2 and SMBv3 on the SMB server:
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Steps for Enabling and Disabling SMB Protocols on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. When using Windows PowerShell 2.0 or later:
Run the following command to disable SMBv1 on the SMB server:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Value 0 –Force
Run the following command to disable SMBv2 and SMBv3 on the SMB server:
Set-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB2 –Value 0 –Force
Enables SMBv1 on the SMB server by running the following command:
Set-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 –Value 1 –Force
Run the following command to enable SMBv2 and SMBv3 on the SMB server:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB2 -Value 1 -Force
Please keep in mind that after making modifications to the SMB server, you must restart your system.
Making Use of Registry Editor:
It is important to note: • Make a backup of the registry before making any changes to it.
Using the registry, follow these steps to enable and stop SMBv1 on the SMB server:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1 REG_DWORD: 0 = Disabled REG_DWORD: 1 = Enabled Default: 1 = Enabled
Using the registry, follow these steps to enable and stop SMBv2 on the SMB server:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB2 REG_DWORD: 0 = Disabled REG_DWORD: 1 = Enabled Default: 1 = Enabled
Enabling and Disabling SMB Protocols on the SMB Client
The instructions below are for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
Run the following commands to disable SMBv1 on the SMB client:
sc.exe configlanmanworkstationdepend=bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
Run the following commands to enable SMBv1 on the SMB client:
sc.exe configlanmanworkstationdepend=bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
Run the following commands to disable SMBv2 and SMBv3 on the SMB client:
sc.exe configlanmanworkstationdepend=bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
Run the following commands to enable SMBv2 and SMBv3 on the SMB client:
sc.exe configlanmanworkstationdepend=bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
It is important to note:
• The commands are executed at an elevated command prompt.
• The system must be restarted after these changes are made.
