WINDOWS 11 By Mary Branscombe It’s going to get harder and harder to connect to your NAS as a guest with SMB. That’s a good thing for security, but it
[See the full post at: SMB security changes in Windows 11 might affect your NAS, too]
![]() |
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
SMB security changes in Windows 11 might affect your NAS, too
Home » Forums » Newsletter and Homepage topics » SMB security changes in Windows 11 might affect your NAS, too
- This topic has 9 replies, 6 voices, and was last updated 3 months ago.
AuthorTopicMary Branscombe
AskWoody MVPViewing 3 reply threadsAuthorReplies-
doriel
AskWoody LoungerIn Windows 10, the older SMB can be turned on (old Control Panel – Programs and Features – Turn Windows features on or off).
Im wondering if its also in Win11, but it should not be problem to turn that on. Well, if you what to do.. obviously.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
Susan Bradley
ManagerYes it can be reenabled in Windows 11.
But be aware that in the future: https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
“This is not the final story, though: I am also announcing that we are going to remove the SMB1 binaries in a future release. Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc. – I’ll have more details on this in a few months. ”
They have not done this yet, we will very definitely keep an eye out for when they do.
Susan Bradley Patch Lady/Prudent patcher
-
doriel
AskWoody LoungerThank you, that sounds good. I would not turn that on, unless I explicitly need it. But I met several devices that require that (mostly older specialized devices, like microscopes, measuring devices, etc.), usually to write data somewhere (NAS – and it was not possible to get newer versions of SMB). Good to know it wont be turned off completely, because those devices could be very expensive to replace.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
Mary Branscombe
AskWoody MVPIf you have those older devices and you have to enable SMB1 to use them, it’s best to find ways of segregating them from the rest of your network, only using the SMB1 storage for collecting data from them temporarily and then moving it to storage that is better protected. SMB1 is a huge security risk and cleaning up after a successful attack will probably a couple of orders of magnitude more expensive than replacing even specialised hardware in most cases.
1 user thanked author for this post.
-
doriel
AskWoody LoungerYes, exactly. Those devices are separated on the PCN subnet.
Defended by a company fifewall, without the internet access, so for me the risk should be minimized. And scheduled task launches robocopy, which copies the data on weekly basis.Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
-
-
-
wavy
AskWoody PlusSMB 3.0.2
SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2;[49][50] in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security.[51][52]
It seems like we have a newer version but of course as far as I can tell we still need SMB1 for file sharing and for access ing my router connected USB drive. 17 years since SMB 2 was released and vendors took how long to utilize it??
🍻
Just because you don't know where you are going doesn't mean any road will get you there.-
Mary Branscombe
AskWoody MVPMost vendors skipped SMB2 because there wasn’t a free implementation of it and they didn’t want to pay to licence a version; even now we have free SAMBA implementations of various SMB releases, lots of hardware vendors haven’t bothered to offer updates for older devices because they already have your money. If your router or USB drive still require SMB1 for connecting, I recommend you start planning to replace them: the security issues with SMB1 are inherent to the protocol and will keep getting exploited.
glnz
AskWoody PlusGreat article but very confusing to us non-techs as to what to do next. I have two questions:
- On my home PC (Win 10 Pro 64-bit on a 9-year old Dell Optiplex 7010 Mini-Tower), I don’t need to select a user name or enter a password to log on.
The only way I can communicate with my HP Printer (OfficeJet Pro 9015) over my Workgroup network is by having both SMB 1 enabled and higher-level SMB turned off.
I concluded that I could not use a higher level of SMB unless I set my PC to require the selection of a user name and the entry of a password to log on, but I have never been sure that my conclusion is correct. (Is it?)
So, what must I do going forward if I want to stick to my PC and HP OJP 9015? - I actually have a bunch of used Dell Optiplex 7010 Mini-Towers running Win 10 Pro 64-bit (from my company), and I was thinking about using one of them as a file server for my wife’s mini-office. If I try to do that (which I don’t know how to do anyway), must I plan to use SMB 3.x (which one?) and will I be able to do that?
- If my wife’s mini-office also has some Apple computers that need to connect to that server, what will work?
Thanks.
Paul T
AskWoody MVPHome networks don’t need to worry about SMB. If you get a malware infection that has an SMB worm you won’t lose much because you have offline backups (don’t you?).
Offices need to keep up with best security practice so SMB 1 should be removed. SMB 2 will then be used by both machine types.
Does the office have any scanners / older equipment that you connect over the network?
cheers, Paul
Viewing 3 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Sexual Offender Review (Awaiting moderation)
by
allisonenyeart
21 minutes ago -
Unusual Article Uncovers The Deceptive Practices Of Roofing Company Chandler AZ (Awaiting moderation)
by
ginahoke6317
33 minutes ago -
Time-Tested Ways To Tv Shows Greece (Awaiting moderation)
by
denesewolff0
1 hour, 25 minutes ago -
MS Word functionality (Awaiting moderation)
by
Umar Farooq
1 hour, 50 minutes ago -
Woman in front of 2 mirrors. One shot 2 different reflections
by
Alex5723
4 hours, 22 minutes ago -
Steam drops macOS Mojave support, effectively ending life for many 32-bit games
by
Alex5723
6 hours, 9 minutes ago -
Requiring Bit-Locker key when it isnt activated after Win 11 update
by
BradH
1 hour, 38 minutes ago -
KB5032189 Not installing on either of my PCs
by
WSPseudoGeek
6 hours, 30 minutes ago -
Outlook.com – is there a way to delete all contacts in bulk?
by
Everard Tarascio
13 hours, 3 minutes ago -
Apple zero days fixed – November 30, 2023
by
Susan Bradley
12 hours, 49 minutes ago -
found a skneaky way to get windows 11 free still.
by
tjm1963
17 hours, 41 minutes ago -
Quickbooks – no new desktop subscriptions to be sold
by
Susan Bradley
20 hours, 13 minutes ago -
Does updating to Win10 from Win7 Retain your applications successfully?
by
WSMrKnobs
18 hours, 27 minutes ago -
Using Dropbox source data for a Connection in Excel with different machines
by
WSGfamily
21 hours, 47 minutes ago -
Microsoft installing HP Smart secretly on non HP PCs
by
Alex5723
20 hours, 42 minutes ago -
Fun Stuff – Mystery Zone
by
Lars220
1 day, 11 hours ago -
How to make sure GMAIL does not delete my account since they are not letting ..?
by
Gmail
9 hours, 7 minutes ago -
Windows Explorer – search for files that are not shortcuts?
by
edsel1924
1 day, 5 hours ago -
Windows 11 Insider Preview build 23595 released to DEV
by
joep517
1 day, 17 hours ago -
Windows 11 Insider Preview build 26002 released to Canary
by
joep517
19 hours, 39 minutes ago -
Windows 11 Insider Preview Build 22635.2776 released to BETA
by
joep517
1 day, 17 hours ago -
Getting ‘not genuine Windows’ after replacing HDD
by
opti1
23 hours, 11 minutes ago -
Amazon Alexa Echo Hunches
by
Richard C Algeni
1 day, 18 hours ago -
Microsoft Defender Application Guard for Office is being deprecated
by
Alex5723
1 day, 19 hours ago -
New BLUFFS attack lets attackers hijack Bluetooth connections
by
Alex5723
1 day, 20 hours ago -
Don’t have your online identity in just one account
by
Susan Bradley
5 hours, 59 minutes ago -
Sports Illustrated Published Articles by Fake, AI-Generated Writers
by
Cybertooth
1 day, 15 hours ago -
Windows 32bit to 64bit.
by
David Rennie
22 hours, 23 minutes ago -
Lost icons in notification area, Windows 10
by
Botswana12
48 minutes ago -
Test Apps in vm(?) so that I don’t break my current install
by
ruffhi
16 hours, 55 minutes ago
Recent blog posts
Key Links
S | M | T | W | T | F | S |
---|---|---|---|---|---|---|
1 | 2 | |||||
3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 | 11 | 12 | 13 | 14 | 15 | 16 |
17 | 18 | 19 | 20 | 21 | 22 | 23 |
24 | 25 | 26 | 27 | 28 | 29 | 30 |
31 |
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.