The following post shows detailed steps to enable and disable the Server Message Block (SMB) versions SMBv1, SMBv2 & SMBv3 on the SMB server and SMB client. The SMBv2 protocol was introduced in Windows Vista & Windows Server 2008 and the SMBv3 was introduced in Windows 8 and Windows Server 2012.
The below-given steps apply only to the following Windows versions:
• Windows Vista Enterprise
• Windows Vista Business
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Windows 7 Enterprise
• Windows 7 Home Basic
• Windows 7 Home Premium
• Windows 7 Professional
• Windows 7 Ultimate
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Standard
• Windows 8
• Windows 8 Enterprise
• Windows 8 Pro
• Windows Server 2012 Datacenter
• Windows Server 2012 Essentials
• Windows Server 2012 Foundation
• Windows Server 2012 Standard
Important to Note:
It is recommended not to keep the SMBv2 or SMBv3 disabled. It should only be disabled for temporary troubleshooting. Keeping it disabled may deactivate various functions of the windows server. The features which might get deactivated due to disabling SMBv2 & SMBv3 are mentioned below:
Disabling SMBv2 on Windows 7 & Windows Server 2008 R2 will deactivate the below functions:
• Request compounding – it enables users to send multiple SMB 2 requests as a single network request
• Larger reads and writes – better use of faster networks
• Caching of folder and file properties – clients keep local copies of folders and files
• Durable handles – when a temporary disconnection is there, it enables for connection to transparently rejoin to the server
• Improved message signing – HMAC SHA-256 replaces MD5 as hashing algorithm
• Improved scalability for file sharing – increases the no. of users, shares, and open files per server
• Support for symbolic links
• Client oplock leasing model – it automatically limits the volume of data transferred in between the client and server, resulting in improved performance on high-latency networks and increasing the scalability of SMB server
• Large MTU support – for full use of 10-gigabyte (GB) Ethernet
• Enhanced energy efficiency – clients that have open files to a server can sleep
Disabling SMBv3 on Windows 8 & Windows Server 2012 will deactivate the below as well as above mentioned functions:
• Transparent Failover – it enables clients to rejoin the cluster nodes during the maintenance or failover without any interruption
• Scale Out – it allows concurrent access to shared data on all file cluster nodes
• Multichannel – aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
• SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization
• Encryption – offers end-to-end encryption and completely defends from snooping on untrustworthy networks
• Directory Leasing – its caching functionality helps in improving the application response times in branch offices
• Performance Optimizations – optimizations for small random read/write I/O
Steps to Enable and Disable SMB protocols on the SMB Server
Microsoft Windows 8 and Windows Server 2012 have introduced a new cmdlet [Set-SMBServerConfiguration] in the Windows PowerShell which allows you to enable and disable the SMBv1, SMBv2 & SMBv3 protocols on the server. When you enable or disable the Server Message Block version 2 (SMBv2) in Windows 8 or in Windows Server 2012, automatically the SMBv3 is enabled or disabled, as the same stack is shared by the SMB protocols. Also, there is no need to restart your system once you run the Set-SMBServerConfiguration cmdlet.
Get the current state of the configuration of the SMB server protocol by running the below command:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
Disables the SMBv1 on the SMB server by running the below command:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Disables the SMBv2 and SMBv3 on the SMB server by running the below command:
Set-SmbServerConfiguration -EnableSMB2Protocol $false
Enables the SMBv1 on the SMB server by running the below command:
Set-SmbServerConfiguration -EnableSMB1Protocol $true
Enables the SMBv2 and SMBv3 on the SMB server by running the below command:
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Steps to Enable and Disable the SMB protocols on SMB Server running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.
Using the Windows PowerShell 2.0 or later version:
Disables the SMBv1 on the SMB server by running the below command:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Value 0 –Force
Disables the SMBv2 and SMBv3 on the SMB server by running the below command:
Set-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB2 –Value 0 –Force
Enables the SMBv1 on the SMB server by running the below command:
Set-ItemProperty –Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 –Value 1 –Force
Enables the SMBv2 and SMBv3 on the SMB server by running the below command:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB2 -Value 1 -Force
Kindly note that you need to restart your system once you make the changes to the SMB server.
Using Registry Editor:
Important to Note:
• Before making any changes to the registry, make sure to back up it.
Steps to enable and disable the SMBv1 on the SMB server using the registry:
Registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
Steps to enable and disable SMBv2 on the SMB server using the registry:
Registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
Steps to Enable and Disable SMB protocols on the SMB client
The below steps apply to Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
Disables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
Enables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
Disables the SMBv2 and SMBv3 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
Enables the SMBv2 and SMBv3 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
Important to Note:
• The commands be run at a raised command prompt.
• The system must be restarted once you make these changes.