What Is the SMB Protocol, and How to Enable and Disable It in Windows?

All about the SMB protocol: how to determine the version of SMB, and how to enable and disable SMBv1, SMBv2, and SMBv3 in Microsoft Windows Client and Windows Server.

The Server Message Block (SMB) Protocol is a network file sharing protocol; as implemented in Microsoft Windows it is known as the Microsoft SMB Protocol. The SMB Protocol is a client-server implementation and consists of a set of data packets, each containing a request sent by the client or a response sent by the server. All network share access goes through the SMB protocol.

Samba implements the CIFS (Common Internet File System) network protocol. This (Windows SMB) is what allows Samba to communicate with (newer) MS Windows systems. Typically you will see it referred to as SMB/CIFS.

In the OSI networking model, Microsoft SMB Protocol is most often used as an Application layer or a Presentation layer protocol, and it relies on lower-level protocols for transport. The transport layer protocol that Microsoft SMB Protocol is most often used with is NetBIOS over TCP/IP. 

If you are still running SMB1, you already have a much bigger problem. As per CVE-2016-3345, the SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted. In September 2016, MS16-114, a security update that prevents denial of service and remote code execution, was released for Windows; you may download it from https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-114.

Full article about CVE-2016-3345 - https://www.cvedetails.com/cve/cve-2016-3345

Port numbers that SMB needs in order to work properly –

TCP port 445

UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP) 

Default SMB version used and History –

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s.

History - Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Interrupt 33" (21h) local file access into a networked file system

SMBv1 - Windows Server 2003, Windows XP and older NAS devices use SMB1/CIFS natively

SMBv2 - It was introduced in Windows Vista and Windows Server 2008

SMBv3 - It was introduced in Windows 8 and Windows Server 2012.

Features - SMB Encryption, introduced with SMB 3.0, used a fixed cryptographic algorithm: AES-128-CCM

SMBv3.1.1 - It was introduced in Windows 10 and Windows Server 2016.

 

Here’s a table to help you understand what version you will end up using.

| OS | Windows 10 / Win. Server 2016 TP2 | Windows 8.1 / Win. Server 2012 R2 | Windows 8 / Win. Server 2012 | Windows 7 / Win. Server 2008 R2 | Win Vista / Win. Server 2008 | Previous versions |
|---|---|---|---|---|---|---|
| Windows 10 / Win. Server 2016 TP2 | SMB 3.1.1 | SMB 3.0.2 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 8.1 / Win. Server 2012 R2 | SMB 3.0.2 | SMB 3.0.2 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 8 / Win. Server 2012 | SMB 3.0 | SMB 3.0 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 7 / Win. Server 2008 R2 | SMB 2.1 | SMB 2.1 | SMB 2.1 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows Vista / Win. Server 2008 | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 1.x |
| Previous versions | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x |

How to check current SMB version and its full configuration via PowerShell-

Determine the SMB version in Windows 8, Windows 10, Server 2012 and Server 2016 –

Get the SMB version and full SMB configuration –

PS Command - Get-SmbServerConfiguration

Check the SMBv1 and SMBv2 status -

Get-SmbServerConfiguration | Select EnableSMB1Protocol

Get-SmbServerConfiguration | Select EnableSMB2Protocol

Determine the SMB version in Windows 7, Windows Vista, Server 2008, Server 2008 R2 –

Check the SMBv1 status -

Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

Check the SMBv2 status -

Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath} 
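The checks above, combined into one audit function that picks the right method for the OS and interprets the result; this is an added example, not part of the original article. The function name Get-SmbServerProtocolState is hypothetical, and the script assumes an elevated PowerShell session and that a missing SMB1/SMB2 registry value means the protocol is at its default (enabled).

```powershell
# Added example; Get-SmbServerProtocolState is a hypothetical helper name.
function Get-SmbServerProtocolState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: query the SMB server directly.
        $cfg    = Get-SmbServerConfiguration
        $smb1   = [bool]$cfg.EnableSMB1Protocol
        $smb2   = [bool]$cfg.EnableSMB2Protocol
        $source = 'Get-SmbServerConfiguration'
    }
    else {
        # Windows Vista / 7 / Server 2008 (R2): read the configured registry values.
        # Assumption: a missing SMB1 or SMB2 value means the default (enabled),
        # so only an explicit 0 counts as disabled ($null -ne 0 is $true).
        $p      = Get-ItemProperty -Path $key
        $smb1   = ($p.SMB1 -ne 0)
        $smb2   = ($p.SMB2 -ne 0)
        $source = 'Registry (LanmanServer\Parameters)'
    }

    # Dialects negotiated by clients connected right now (Windows 8 / 2012+ only).
    $dialects = @()
    if (Get-Command Get-SmbSession -ErrorAction SilentlyContinue) {
        $dialects = @(Get-SmbSession |
            Select-Object -ExpandProperty Dialect |
            Sort-Object -Unique)
    }

    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        Source         = $source
        SMB1Enabled    = $smb1
        SMB2Enabled    = $smb2      # SMBv2 and SMBv3 share one switch
        ActiveDialects = ($dialects -join ', ')
        Finding        = $(if ($smb1) { 'SMBv1 server enabled: disable it' }
                           else { 'SMBv1 server disabled' })
    }
}

Get-SmbServerProtocolState | Format-List
```

An ActiveDialects value that still lists a 1.x dialect shows that some client is negotiating SMBv1 and would lose access once the SMBv1 server is disabled.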

How to check current SMB version and its full configuration by Registry REGEDIT-

You cannot determine the SMB version and configuration from the registry, but you can enable or disable SMB from the registry; how to do that is covered in the next paragraph.

How to Enable and Disable server SMB protocol version:-

Enable & disable SMBv1 and SMBv2 in Windows 8, Server 2012 or later:-

How to enable the SMBv1 and SMBv2 via PowerShell: -

SMBv1 - Set-SmbServerConfiguration -EnableSMB1Protocol $true

SMBv2 - Set-SmbServerConfiguration -EnableSMB2Protocol $true

How to disable the SMBv1 and SMBv2 via PowerShell: -

SMBv1 - Set-SmbServerConfiguration -EnableSMB1Protocol $false

SMBv2 - Set-SmbServerConfiguration -EnableSMB2Protocol $false

Note: -

  • When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.
  • You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet. 

Enable & Disable the SMBv1 & SMBv2 in Windows Vista, Win 7, Server 2008, 2008R2:-

Note: - The commands below require PowerShell 2.0 or later: -

How to enable the SMBv1 and SMBv2 via PowerShell for Win7: -

SMBv1:- Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

SMBv2 and SMBv3:-

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force

How to disable the SMBv1 and SMBv2 via PowerShell for Win7: -

SMBv1:- Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

SMBv2 and SMBv3: -

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

Disable SMBv1 Server with Group Policy