WINDOWS 11 By Mary Branscombe It’s going to get harder and harder to connect to your NAS as a guest with SMB. That’s a good thing for security, but it
[See the full post at: SMB security changes in Windows 11 might affect your NAS, too]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
SMB security changes in Windows 11 might affect your NAS, too
Home » Forums » Newsletter and Homepage topics » SMB security changes in Windows 11 might affect your NAS, too
- This topic has 9 replies, 6 voices, and was last updated 3 weeks ago.
AuthorTopicMary Branscombe
AskWoody MVPViewing 3 reply threadsAuthorReplies-
doriel
AskWoody LoungerIn Windows 10, the older SMB can be turned on (old Control Panel – Programs and Features – Turn Windows features on or off).
Im wondering if its also in Win11, but it should not be problem to turn that on. Well, if you what to do.. obviously.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
Susan Bradley
ManagerYes it can be reenabled in Windows 11.
But be aware that in the future: https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
“This is not the final story, though: I am also announcing that we are going to remove the SMB1 binaries in a future release. Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc. – I’ll have more details on this in a few months. ”
They have not done this yet, we will very definitely keep an eye out for when they do.
Susan Bradley Patch Lady/Prudent patcher
-
doriel
AskWoody LoungerThank you, that sounds good. I would not turn that on, unless I explicitly need it. But I met several devices that require that (mostly older specialized devices, like microscopes, measuring devices, etc.), usually to write data somewhere (NAS – and it was not possible to get newer versions of SMB). Good to know it wont be turned off completely, because those devices could be very expensive to replace.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
Mary Branscombe
AskWoody MVPIf you have those older devices and you have to enable SMB1 to use them, it’s best to find ways of segregating them from the rest of your network, only using the SMB1 storage for collecting data from them temporarily and then moving it to storage that is better protected. SMB1 is a huge security risk and cleaning up after a successful attack will probably a couple of orders of magnitude more expensive than replacing even specialised hardware in most cases.
1 user thanked author for this post.
-
doriel
AskWoody LoungerYes, exactly. Those devices are separated on the PCN subnet.
Defended by a company fifewall, without the internet access, so for me the risk should be minimized. And scheduled task launches robocopy, which copies the data on weekly basis.Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
-
-
-
wavy
AskWoody PlusSMB 3.0.2
SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2;[49][50] in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security.[51][52]
It seems like we have a newer version but of course as far as I can tell we still need SMB1 for file sharing and for access ing my router connected USB drive. 17 years since SMB 2 was released and vendors took how long to utilize it??
🍻
Just because you don't know where you are going doesn't mean any road will get you there.-
Mary Branscombe
AskWoody MVPMost vendors skipped SMB2 because there wasn’t a free implementation of it and they didn’t want to pay to licence a version; even now we have free SAMBA implementations of various SMB releases, lots of hardware vendors haven’t bothered to offer updates for older devices because they already have your money. If your router or USB drive still require SMB1 for connecting, I recommend you start planning to replace them: the security issues with SMB1 are inherent to the protocol and will keep getting exploited.
glnz
AskWoody LoungerGreat article but very confusing to us non-techs as to what to do next. I have two questions:
- On my home PC (Win 10 Pro 64-bit on a 9-year old Dell Optiplex 7010 Mini-Tower), I don’t need to select a user name or enter a password to log on.
The only way I can communicate with my HP Printer (OfficeJet Pro 9015) over my Workgroup network is by having both SMB 1 enabled and higher-level SMB turned off.
I concluded that I could not use a higher level of SMB unless I set my PC to require the selection of a user name and the entry of a password to log on, but I have never been sure that my conclusion is correct. (Is it?)
So, what must I do going forward if I want to stick to my PC and HP OJP 9015? - I actually have a bunch of used Dell Optiplex 7010 Mini-Towers running Win 10 Pro 64-bit (from my company), and I was thinking about using one of them as a file server for my wife’s mini-office. If I try to do that (which I don’t know how to do anyway), must I plan to use SMB 3.x (which one?) and will I be able to do that?
- If my wife’s mini-office also has some Apple computers that need to connect to that server, what will work?
Thanks.
Paul T
AskWoody MVPHome networks don’t need to worry about SMB. If you get a malware infection that has an SMB worm you won’t lose much because you have offline backups (don’t you?).
Offices need to keep up with best security practice so SMB 1 should be removed. SMB 2 will then be used by both machine types.
Does the office have any scanners / older equipment that you connect over the network?
cheers, Paul
Viewing 3 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
“New” Google Sites vs Network Solutions: domain resolution (Awaiting moderation)
by
Towson_Steve
1 hour, 10 minutes ago -
Topic: Privacy Report on Modern Cars
by
oldfry
12 minutes ago -
Microsoft’s massive Windows 11 update, featuring Copilot AI, begins rolling out
by
Alex5723
2 hours, 30 minutes ago -
MailStore Home updates
by
Alex5723
16 hours, 15 minutes ago -
T-Mobile users say they see other people’s account information
by
Alex5723
1 day, 3 hours ago -
Retirement of Exchange Web Services in Exchange Online
by
Alex5723
1 day, 15 hours ago -
What Remote Desktop credentials do I use to access a MS Account computer
by
JP
4 hours, 59 minutes ago -
Office 2003 Compatibility with One Drive in Windows 11
by
langsjw
2 days, 2 hours ago -
Has KB5030219 been pulled for Windows 11 Pro for Workstations?
by
jharri46
5 hours, 13 minutes ago -
By default encryption on Apple
by
Susan Bradley
1 day, 20 hours ago -
KB5029331 Macrium/Reflect
by
fpefpe
1 day, 21 hours ago -
Windows 10 Build 19045.3513 (22H2) to Release Preview Channel
by
joep517
2 days, 8 hours ago -
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
by
Nibbled To Death By Ducks
1 day, 17 hours ago -
Change CPU/Mainboard without reinstallation of OS and Apps – Win10
by
schmersa
1 day, 23 hours ago -
Mouse slows to crawl if Edge in focus
by
bryash
3 days, 4 hours ago -
Windows and Surface chief Panos Panay is leaving Microsoft
by
Alex5723
2 days, 17 hours ago -
Essential Office Portable
by
Microfix
3 days, 5 hours ago -
Essential Office: Disable Spell Check
by
Bob Blum
3 days, 5 hours ago -
Apple 2030
by
Will Fastie
1 day, 3 hours ago -
Wi-Fi 7? Why not!
by
B. Livingston
3 hours, 6 minutes ago -
Second city — the AI view from Washington
by
Max Stul Oppenheimer
3 days, 14 hours ago -
Zeroing in on zero days
by
Susan Bradley
1 day, 23 hours ago -
LMDE – Software Update
by
bassmanzam
1 day, 5 hours ago -
MacAfee anti virus left overs
by
Barry
23 hours, 45 minutes ago -
Google issues update for Chrome 109 (Win 7 – Server 2012r2) that fixes WebP
by
n0ads
4 hours, 30 minutes ago -
Microsoft apparently canning P2P Win32 services on Windows 11 23H2, Windows 12
by
Alex5723
53 minutes ago -
Inserting from clipboard into posting
by
WSraysig
3 days, 23 hours ago -
Background picture not invoked @ startup
by
WSraysig
2 days, 3 hours ago -
download Linux Mint most recent
by
rjacobscan
4 days, 7 hours ago -
Modify email account settings
by
metzmatt
4 days, 15 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.