Network and SMB question

Topic

New Reply

Possibly a dumb question, but I’m only shakily familiar with networking: is SMB a concern for a small Workgroup network which does not include a server?  It doesn’t appear to be installed or enabled on my Windows 7 Pro machine at all.

 

Reply | Quote

Replies

SMBv1 is referred to as “legacy”, and seems to be able to be safely disabled without crippling small workgroups.

Have you checked the W7 method to disable SMBv1 in KB 2696547?

Reply | Quote

(OP)  Thank you both for responding.  I’ve disabled SMBv1, with no apparent ill effects.

I’m still puzzled why I can’t seem to find an indication that any version of SMB is present on my machine anywhere in my Windows settings, but since I received a ‘success’ message after running the commands in the article Kirsty linked, I suppose it must be there.

Reply | Quote

You will see SMBv1 in the add programs and features box, turn on/off windows features option on the left there. It might be called CIFS or something. Sorry I translate so the actual terminology might differ a bit on your Windows version.

Reply | Quote

I don’t believe the option to disable in Turn On/Off Windows features exists in older WinOS, like it does in W8.1/10. I can’t see it in the options, and KB2696547 eludes to it not being available either.
(or have I misunderstood @alexeiffel)

Reply | Quote

Oh you are right, my bad! I just verified my install procedures and this is shown starting at Windows 8 in programs and features, it is not available in Windows 7. Funny I remembered that, as I never used 8 in production myself, but I disabled SMBv1 anyway on 7 for a long time. For Windows 7, I had disabled SMBv1 at least server-side in a registry patch (see below).

Microsoft recommended disabling SMBv1 a long time ago. This is for the server-side, which means you can still access SMBv1 stations if you only disable the server-side on your PC. The client still works and you will see files on an XP share, but no XP will see you. Maybe this would be enough to also protect from the vulnerabilities since you wouldn’t be accessible from outside, but don’t just take my word for it and if client-side is not needed, I would disable it as well.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
“SMB1″=dword:00000000

info:
CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
SMB 2.0 (or SMB2) – The version used in Windows Vista (SP1 or later) and Windows Server 2008
SMB 2.1 (or SMB2.1) – The version used in Windows 7 and Windows Server 2008 R2
SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2
 

Reply | Quote

It is a concern even in your situation.

Reply | Quote

SMBv1 is used in XP and some Linux/Unix with Samba for file sharing.

If you only have Windows 7 and up on your network, you might find there is no use to it, only a potential for security issues. It was my point of view many years ago when I started disabling it on all computers I install that doesn’t need to access file shares and I didn’t have an issue with any one of them, plus none of them was vulnerable to the leaked issue because of this, even before it got leaked…

Reply | Quote

Make sure to differentiate SMB version 1 from later versions. The later versions are needed to support “file and printer sharing” networking between Windows 7 (and newer) systems.

At this point I’ve lost track of which SMB versions are used by what exploits, but Microsoft themselves recommend you disable SMB version 1 if you don’t need it for compatibility with old Windows systems.

-Noel

Reply | Quote