What is SMB protocol, How to Enable and Disable in Windows?
- Last Updated: Tuesday, 10 July 2018 04:55
All about the SMB protocol: how to determine the SMB version, and how to enable and disable SMBv1, SMBv2, and SMBv3 on Microsoft Windows client and Windows Server.
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows it is known as the Microsoft SMB Protocol. The SMB Protocol is a client-server implementation and consists of a set of data packets, each containing a request sent by the client or a response sent by the server. All network share access goes through the SMB protocol.
Samba implements the CIFS (Common Internet File System) network protocol. This (Windows SMB) is what allows Samba to communicate with (newer) MS Windows systems. Typically you will see it referred to as SMB/CIFS.
In the OSI networking model, Microsoft SMB Protocol is most often used as an Application layer or a Presentation layer protocol, and it relies on lower-level protocols for transport. The transport layer protocol that Microsoft SMB Protocol is most often used with is NetBIOS over TCP/IP.
If you are still running SMB1, you already have a much bigger problem. As per "CVE-2016-3345", the SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted. In September 2016, MS16-114, a security update that prevents denial of service and remote code execution, was released for Windows; you may download it from - https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-114.
Full article about CVE-2016-3345 - https://www.cvedetails.com/cve/cve-2016-3345
Port numbers SMB needs in order to work properly –
TCP ports 445
UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP)
Default SMB version used and History –
The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s.
History - Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Interrupt 33" (21h) local file access into a networked file system
SMBv1 - Windows Server 2003, Windows XP and older NAS devices use SMB1/CIFS natively
SMBv2 - It was introduced in Windows Vista and Windows Server 2008
SMBv3 - It was introduced in Windows 8 and Windows Server 2012.
Features - SMB Encryption, introduced with SMB 3.0, used a fixed cryptographic algorithm: AES-128-CCM
SMBv3.1.1 - It was introduced in Windows 10 and Windows Server 2016.
Here’s a table to help you understand what version you will end up using.
| OS | Windows 10 | Windows 8.1 | Windows 8 | Windows 7 | Win Vista | Previous |
|---|---|---|---|---|---|---|
| Windows 10 | SMB 3.1.1 | SMB 3.0.2 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 8.1 | SMB 3.0.2 | SMB 3.0.2 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 8 | SMB 3.0 | SMB 3.0 | SMB 3.0 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows 7 | SMB 2.1 | SMB 2.1 | SMB 2.1 | SMB 2.1 | SMB 2.0.2 | SMB 1.x |
| Windows Vista | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 2.0.2 | SMB 1.x |
| Previous | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x | SMB 1.x |
How to check current SMB version and its full configuration via PowerShell-
Determine the SMB version in Windows 8, Windows 10, Server 2012 and Server 2016 –
Get the SMB version and full SMB configuration –
PS Command - Get-SmbServerConfiguration
Check the SMBv1 and SMBv2 status -
Get-SmbServerConfiguration | Select EnableSMB1Protocol
Get-SmbServerConfiguration | Select EnableSMB2Protocol
Determine the SMB version in Windows 7, Windows Vista, Server 2008, Server 2008 R2 –
Check the SMBv1 status -
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
Check the SMBv2 status -
Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
How to check current SMB version and its full configuration by Registry REGEDIT-
You cannot determine the SMB version and configuration from the Registry, but you can enable or disable SMB from the registry; how to do that is covered in the next section.
How to Enable and Disable server SMB protocol version:-
Enable & disable the SMB version 1 and SMBv2 in Windows 8, Server 2012 or latest:-
How to enable the SMBv1 and SMBv2 via PowerShell: -
SMBv1 - Set-SmbServerConfiguration -EnableSMB1Protocol $true
SMBv2 - Set-SmbServerConfiguration -EnableSMB2Protocol $true
How to disable the SMBv1 and SMBv2 via PowerShell: -
SMBv1 - Set-SmbServerConfiguration -EnableSMB1Protocol $false
SMBv2 - Set-SmbServerConfiguration -EnableSMB2Protocol $false
Note: -
- When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.
- You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.
Enable & Disable the SMBv1 & SMBv2 in Windows Vista, Win 7, Server 2008, 2008R2:-
Note: - The commands below require PowerShell 2.0 or later: -
How to enable the SMBv1 and SMBv2 via PowerShell for Win7: -
SMBv1:- Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
SMBv2 and SMBv3:-
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force
How to Disable the SMBv1 and SMBv2 via PowerShell for Win7: -
SMBv1:- Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
SMBv2 and SMBv3: -
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force
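The status checks and the SMBv1 disable steps above, combined into one script that picks the cmdlet or the registry method depending on the OS. This is an added example, not code from the original article. The function names Get-SmbServerProtocolState and Disable-Smb1Server are hypothetical, and it assumes an elevated session and treats a missing SMB1/SMB2 registry value as the default (enabled).

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Run from an elevated PowerShell session (2.0 or later).
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbServerProtocolState {
    # Windows 8 / Server 2012 and later: the SMB cmdlets are available.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            Source      = 'Get-SmbServerConfiguration'
            SMB1Enabled = [bool]$cfg.EnableSMB1Protocol
            SMB2Enabled = [bool]$cfg.EnableSMB2Protocol
        }
    }
    # Windows Vista / 7 / Server 2008 / 2008 R2: read the registry values.
    # A value that does not exist means the default, which is "enabled".
    $p = Get-ItemProperty -Path $LanmanParams
    New-Object PSObject -Property @{
        Source      = 'Registry'
        SMB1Enabled = ($null -eq $p.SMB1) -or ($p.SMB1 -ne 0)
        SMB2Enabled = ($null -eq $p.SMB2) -or ($p.SMB2 -ne 0)
    }
}

function Disable-Smb1Server {
    $before = Get-SmbServerProtocolState
    if (-not $before.SMB1Enabled) { return $before }   # already off, nothing to do
    if ($before.Source -eq 'Registry') {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWORD -Value 0 -Force
    } else {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    Get-SmbServerProtocolState                          # re-read to confirm the change
}

# Report only; call Disable-Smb1Server explicitly to make the change.
Get-SmbServerProtocolState | Format-List Source, SMB1Enabled, SMB2Enabled
```

On the registry path (Windows Vista, 7, Server 2008 and 2008 R2), Microsoft's guidance is to restart the computer before the new value takes effect, unlike the Set-SmbServerConfiguration path noted above.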
Disable SMBv1 Server with Group Policy