• SMB1 now disabled as default for Windows 11 Home Insiders builds

    Home » Forums » AskWoody support » Windows » Windows 11 » Questions about Windows 11 » SMB1 now disabled as default for Windows 11 Home Insiders builds

    Author
    Topic
    #2440725

    https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473

    Heya folks, Ned here again. I have a pretty big announcement: we’ve started the final phase of disabling SMB1 in Windows.

    As you probably know, we began shipping Windows 10 and Windows Server with SMB1 not installed by default in RS3, the “Fall Creators Update” of 2017. Initially, we stopped installing the SMB1 server service in any editions of Windows and stopped installing the SMB1 client service in most editions of Windows. Home and Pro editions still had the client so users could connect to the vast fleet of consumer and small business third-party NAS devices that only supported SMB1. If the client didn’t see any outbound use of SMB1 after total 15 days of uptime, it would then automatically uninstall it. In RS5 – version 1809 – we stopped installing SMB1 client in Pro editions. ..

    And now the time has come to end the last remaining piece. If you install a Windows Insider Dev channel build in any variant of Home Edition, the SMB1 client isn’t installed. ..

    1 user thanked author for this post.
    Viewing 3 reply threads
    Author
    Replies
    • #2440745

      For some period of time, you’ll still be able to add the SMB1 client in the “add windows features” control panel applet. From the same article though is

      “This is not the final story, though: I am also announcing that we are going to remove the SMB1ย binaries in a future release. Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc. – I’ll have more details on this in a few months. ”

       

      --Joe

    • #2440812

      When I stumbled upon this news yesterday, I had to read everything twice. Back in 2016/2017 when the security of SMB1 became a front-line issue, I thought Microsoft had ceased installation across the entire Windows portfolio. So I was surprised to learn in 2022 that Win Home was (is) an exception.

      While I don’t disagree with MS for the most part (except removal of binaries), this bit from the blog is confusing ….

      “At the next major release of Windows 11, that will be the default behavior as well (not installed). Like always, this doesn’t affect in-place upgrades of machines where you were already using SMB1. SMB1 is not gone here, an admin can still intentionally reinstall it.”

      [1] Why would an admin have to “reinstall” if in-place upgrades aren’t affected?
      [2] Home users have an admin?

      The reason binaries shouldn’t be removed just yet is for those of us providing remote support for people who fall through the cracks. Having the binaries in add/remove features is simpler than guiding Grandma through the download and install process via voice.

      • #2440851

        1) Continuous feature upgrading seems to retain features, except when Microsoft does not want you to have them for various reasons.

        2) Yes.

    • #2441280

      Well, according to Ned Pyle’s latest missive, dated April 19, 2022, SMB1 is now being disabled by default on the insider preview versions of Windows 11. Here’s the link to the actual post on MS’s site:

      https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473

      In the post at the link above, Ned even lets spill some news about their future plans in the next few months with regards to SMB1:

      I am also announcing that we are going to remove the SMB1 binaries in a future release. Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc. – I’ll have more details on this in a few months.

      I added the bolding in the quote above for emphasis. In the post and quote above, he’s referring to Windows 11, but I suppose that MS could also do the very same thing to Windows 10 as well in the very same way…remove the files that make SMB1 work.

      I’m running Windows 10 Pro and I have all the boxes for SMB1 completely empty, so I don’t think I’m running even a shred of SMB1. The article above has an image that shows how SMB1 is completely disabled in a test copy of Windows 11, and that image is identical to the same thing on my copy of Windows 10.

      So, bottom line for anyone running any really old hardware (or not so old hardware…just read the comments at the bottom of the article at the link above), sounds like it’s finally time to find some newer hardware that will do what your older stuff is doing now, despite what Ned says above about providing a special install package for SMB1 that’s completely unsupported.

      For folks at home and folks running a small business, there is repeated mention of NAS, or Network Attached Storage in the article. I take that to mean that this is a key item in MS’s opinion that will be affected by the disablement (and eventual removal) of SMB1 in Windows 11. For those who don’t know just what Network Attached Storage is, the simplest form of it that I’ve encountered (for home users, anyway) is where you have a spinning hard drive (HDD) attached to your router’s USB port that is visible to all or most of the computers connected to the router.

      Here on AskWoody, there have been several posts in the past dealing with the security hole that is SMB1, and how to disable it so you’re not affected by its lack of security for today’s needs.

      [Moderator edit] Duplicate topic, merged with Alex thread.

      • #2441396

        My sincerest apologies to whichever moderator had to move my post from its separate topic to this one. I did look at the topic list before posting it last night, but evidently not well enough. ๐Ÿ˜ณ ๐Ÿ™

    • #2441390

      I believe it is the server function that is the problem on pcs so if only client is checked a small network should be relatively safe. Of course in my case my r7000 router is the server(for a USB thumb drive) so maybe that could be unsafe I am not sure about that. Too bad Netgear can not do an update the the firmware to a safer protocol.

      ๐Ÿป

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2441397

        @wavy

        One quick way for you to find out if you might wind up being affected would be to go into the location shown in the article (or in Windows 10, the Programs and Features app of Control Panel and select the option on the left side of the window that says “Turn Windows features on or off”) and clear all 3 boxes for SMB1. Now click “OK” on that selection box and reboot the computer if Windows didn’t tell you to do so after you cleared those 3 boxes.

        After rebooting and getting back to your desktop, see if Windows sees your thumb drive that’s attached to your router. If it does, double click on it to see if you can see its contents. If you can see the contents and open them up/run them, then you’re not affected by the lack of SMB1 support. However, if you don’t have the same level of access to the drive that you had with SMB1 turned on/enabled, then obviously you need to keep it enabled at all costs.

        I mention this because, although MS mentioned NAS (Network Attached Storage) in their write-up, that in and of itself doesn’t necessarily mean that every single instance of NAS will definitely be affected by the pending removal of SMB1…your individual instance might not be affected.

        • #2441567

          I had found my router to not show its attached drive w/o SMB1 active. Shame on Netgear!!

          ๐Ÿป

          Just because you don't know where you are going doesn't mean any road will get you there.
        • #2441571

          Even using alejr’s method in post 2441496 below??ย  โฌ‡

      • #2441496

        Of course in my case my r7000 router is the server(for a USB thumb drive) so maybe that could be unsafe I am not sure about that. Too bad Netgear can not do an update the the firmware to a safer protocol.

        Same situation except my router is a Netgear WRT1200AC.

        Tried completely disabling SMB but was unable to do so (Windows keep rolling back the change during the reboot.)

        Did a bit of investigating and discovered the problem was Windows required the “SMB 1.0/CIFS Client” to communicate with the 2 TB drive I have attached to the router’s USB port (with the client removed, Windows couldn’t even see the drive.)

        However, even with the SMB 1.0/CIFS Client feature installed, I was able to disable the vulnerable SMBv1 Protocol and still access the drive (so at least my router’s firmware does support SMBv2.)

        To detect the SMB1 protocol status, use the following powershell command.

        Get-SmbServerConfiguration | Select EnableSMB1Protocol

        Note: replace 1 with 2 for the SMB2 protocol

        To disable the SMB1 protocol, use the following powershell command.

        Set-SmbServerConfiguration -EnableSMB1Protocol $false

        Note: replace $false with $true to enable the protocol

        BTW, SMBv2 & v3 are a matched set (i.e. if SMBv2 is enabled, it also enables v3.)

        1 user thanked author for this post.
    Viewing 3 reply threads
    Reply To: SMB1 now disabled as default for Windows 11 Home Insiders builds

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: