SMBv1 FAQ and Windows networks

[German]For security reasons, Microsoft would like to retire the SMBv1 network protocol in Windows and recommends not to use it. In this article I have collected some information on this topic.


Advertising


What is SMBv1 and why should it be removed?

The abbreviation SMB stands for Server Message Block (former names are LAN Manager or NetBIOS protocol), a network protocol for file, print and other server services in computer networks. Version 1 (SMBv1) of the network protocol designed over 30 years ago, and especially the Microsoft implementation, is considered very error-prone and security-critical (see Microsoft plans to deactivate SMBv1 in  Windows 10 V1709 and Stop Using SMB1).

In the meantime there are SMBv2 and SMBv3, so that the use of SMBv1 in Windows networks is no longer absolutely necessary. Even Windows Vista, which has fallen out of support, is no longer dependent on SMBv1, for example, since SMBv2 is used there.

Another reader for Microsoft to retire SMBv1

In May 2017, the Trojan WannaCry infected thousands of computers worldwide. A reason for the question ‘why could WannaCry spread over thousands Windows system?’ was a vulnerability in the SMBv1 implementation of Windows. However, this vulnerability has been already closed by security updates from Microsoft before the WannaCry attack. Actually WannaCry could no longer have exploited the vulnerability. But we still have Wanny Cry infection due to still unpatched computers.

Maintaining the SMBv1 code involves a certain amount of effort and it cannot be ruled out that the implementation may contain further weak points. Therefore Microsoft decided to pull SMBv1 in future Windows 10 installs, and wants to prevent and force people to switch to SMBv2 or SMBv3.

Chaos: Removing SMBv1 in Windows 10

I pointed out within my blog post Microsoft plans to deactivate SMBv1 in Windows 10 V1709 that Microsoft will start to gradually disable SMBv1 in Windows 10. SMBv1 is no longer automatically installed with new installations of Windows 10. This was planned step by step:


Advertising

  • In Windows 10 Enterprise Microsoft removed SMBv1 in summer 2017. Also upcoming Windows Server 2019 won’t install SMBv1 automatically.
  • From Windows 10 version 1709 onwards Microsoft then began to remove SMBv1 for the remaining Windows 10 variants during a new installation (see my blog post Microsoft plans to deactivate SMBv1 in Windows 10 V1709).
  • In Windows 10 version 1803, SMBv1 should be automatically disabled if the protocol is not used for 14 days.

Regarding the question whether SMBv1 in Windows 10 version 1803 is automatically uninstalled when not in use – as planned by Microsoft – there are a number of special features to note. I had mentioned the specialities in the blog port Windows 10 Pro V1803: SMBv1 ‘special traps’.

SMBV1 issues in Windows 10 Version 1803

Deactivating SMBv1 resulted in several issues in Windows 10 V1803 (see my blog posts Windows 10 Version 1803: Network environment empty). An can activate or deactivate SMBv1 manually in Windows 10. However, a bug in Windows 10 version 1803 caused an automatically deactivated SMBv1 to no longer work correctly when activated manually. Microsoft has fixed this with update KB4284848 (see my blog post PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix).

How to remove SMBv1?

If you want to remove SMBv1 in your Windows environment for security reasons, you can do so under Windows 7 to Windows 10. Microsoft has published this document, which describes the corresponding registry operations or PowerShell commands. Furthermore, there are group policies to disable SMBv1 on systems. 

From Windows 8.and above you can also use Windows Features and uncheck the SMB 1.0/CIFS File Sharing Support checkbox (see screenshot above). Then the feature will also be removed during the next reboot. In this blog post, Microsoft also provides advice on how to disable using SMBv1, which also works in PowerShell using the command:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

This command removes support for SMBv1 on the Windows client. 

German blog reader Karl has informed me by e-mail that SMBv2 and SMBv3 are stacked on each other. It is therefore not possible to disable SMB2 and use only SMB3. He has send my also a link to this Microsoft article, which contains the SMB compatibility matrix for Windows.

Potential issues caused by removing SMBv1?

Disabling SMBv1 in Windows (either manually or when reinstalling Windows 10) can cause significant problems. Even though Ned Pyle reports in Tweets that he has running systems without SMBv1 for 2 years and nothing has changed, the world out there looks different. All devices that depend on SMBv1 will then no longer work within a network.

  • Many All-in-on devices with scanning capabilities use SMBv1 to store scans over the network on network shares. If the devices do not support SMBv2 or SMBv3, it would no longer be usable. I had mentioned this topic in the article Windows 10: Scanner fails after update.
  • In Windows 10 V1803 network environments, other computers may not be found, the network environment is empty. However, this issue can be solved by certain changes in the Windows services. I covered the topic in Windows 10 Version 1803: Network environment empty. This Microsoft article also contains hints to fix this issue.
  • Using NAS drives on a network causes problems when SMBv1 is turned off. I got several comments within my German blog. Also the router firmware of German FRITZ!Box models (company AVM) doesn’t support NAS drives that can be integrated as USB media, if SMBv1 is missing.

German blog reader Karl indicates that most Synology NAS drives use SMB1 by default. You can change this (Go to Control Panel->File Services->SMB/AFP/NFS, SMB service is enabled; AFP and NFS are not enabled; Minimum SMB protocol is SMB2, Maximum is SMB3). But if devices fails after disabling SMBv1 on the network due to missing SMBv2/v3 support, I think there will be no other options around as reactivating the network protocol. When purchasing new network devices, however, you should pay attention to the support of SMBv2. 

Similar articles:
Windows 10 Pro V1803: SMBv1 ‘special traps’
PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix
Microsoft plans to deactivate SMBv1 in Windows 10 V1709
Windows 10 Version 1803: Network environment empty
Windows (Network) error 0x800704B3
Windows 10: Scanner fails after update
Microsoft won’t patch SMBloris vulnerability
WannaCry has infected chip maker TSMC fabs …


Advertising


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *