How to transfer FSMO roles in Active Directory? We did add another Domain Controller to…
Uninstall and disable SMBv1 in Windows
The original Server Message Block (SMB) version 1 (SMBv1) protocol is nearly 30 years old, and like much of the software made in the 80s, it was designed for a world that no longer exists. As a result, the SMBv1 protocol has significant security vulnerabilities, and Microsoft strongly encourages you not to use it. In this article, you will learn how to uninstall and disable SMBv1 in Windows.
Table of contents
What is SMBv1?
SMBv1, which stands for Server Message Block version 1, was created by Barry Feigenbaum in the early 80s as a file-sharing protocol for DOS. In the 90s, Microsoft started using SMBv1 in its operating systems as a protocol for sharing access to files, printers, and other resources on a network.
The SMBv1 protocol leaves your organization’s server/clients open to cyberattacks. It’s, therefore, important to stop using this more than 30-year-old protocol right now!
Get SMBv1 status in Windows
Check if the SMBv1 feature is installed with PowerShell.
PS C:\> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
FeatureName : SMB1Protocol
DisplayName : SMB 1.0/CIFS File Sharing Support
Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired : Possible
State : Enabled
CustomProperties :
ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
ServerComponent\Id : 487
ServerComponent\Type : Feature
ServerComponent\UniqueName : FS-SMB1
ServerComponent\Deploys\Update\Name : SMB1ProtocolCheck the SMBv1 protocol status with PowerShell.
PS C:\> Get-SmbServerConfiguration | Select EnableSMB1Protocol
EnableSMB1Protocol
------------------
TrueHow to uninstall and disable SMBv1 in Windows
It’s very important that you DISABLE and UNINSTALL SMBv1 protocol in Windows. Most administrators do only one of the tasks and think this is the correct way. Unfortunately, it’s not, and you have to do both.
Note: Ensure that you disable and uninstall the SMBV1 protocol in Windows.
1. Disable SMBv1 protocol
Disable SMBv1 protocol with PowerShell
PS C:\> Set-SmbServerConfiguration -EnableSMB1Protocol $falseVerify that SMBv1 protocol is disabled.
PS C:\> Get-SmbServerConfiguration | Select EnableSMB1Protocol
EnableSMB1Protocol
------------------
False2. Uninstall SMBv1 protocol feature
Uninstall the SMBv1 feature with PowerShell.
Note: You need to restart after uninstalling the SMBv1 feature.
PS C:\> Disable-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolCheck that SMBv1 feature is uninstalled.
PS C:\> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
FeatureName : SMB1Protocol
DisplayName : SMB 1.0/CIFS File Sharing Support
Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired : Possible
State : Disabled
CustomProperties :
ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
ServerComponent\Id : 487
ServerComponent\Type : Feature
ServerComponent\UniqueName : FS-SMB1
ServerComponent\Deploys\Update\Name : SMB1ProtocolYou successfully turned off and disabled SMBv1.
Read more: How to Enable TLS 1.2 on Windows Server »
Conclusion
You learned how to uninstall and disable SMBv1 in Windows. This can be Windows Server or Windows clients. Check the status and ensure SMBv1 is turned off and disabled. Suppose you have many Windows Servers and clients, an excellent way to push this change is through a GPO.
Did you enjoy this article? You may also like Install Windows Server on Virtual Machine. Don’t forget to follow us and share this article.
What Others Are Reading
This Post Has 0 Comments