Windows 10 tip: Stop using the horribly insecure SMBv1 protocol

Discussion in 'other security issues & news' started by ronjor, May 17, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,658
    Location:
    Texas
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    One question: I don't have the SMB 1.0 / CIFS option in the Add/remove features section on my Windows 7. Anybody know how I got it removed?
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,501
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,658
    Location:
    Texas
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    This sucks. I can't disable it. Our NAS units we use for backups require it. :mad:
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,501
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    Thanks for the suggestion but this was already done when I built this network when we moved in here. I learned that the hard way when I found out one of our employees was accessing a network share from home (at our previous location). :eek:

    Everything is patched, I guess all I can do is hope there are no other unknown issues to exploit.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,334
    Location:
    Italy
    https://support.microsoft.com/en-gb...r-2008-r2,-windows-8,-and-windows-server-2012
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,501
    Ours was disabled but somewhere along the way it was done away with and unfortunately forgotten about, until now. :(

    Thankfully we have not been hit by anything, but all of our stuff is patched, and the few legacy XP machines that are still needed to connect to some of our equipment in the plant have also been patched.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Is this the only protocol for those systems that has such a gaping oversight/hole (if it actually was), or should those users, or even some a bit more up the Windows series ladder like 8, have other potential avenues via different ports, and how can they know before some next wave comes down the pike?
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    o_O If Microsoft has been recommending for years to disable SMBv1, why is it enabled in Win10?

    Someone who installed Win 10 from scratch, please check if SMBv1 is enabled. Perhaps if enabled in a prior Win ver., the SMBv1 setting on that ver. remained as is after an upgrade to Win 10?
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  13. petok

    petok Registered Member

    Joined:
    Jan 11, 2015
    Posts:
    35
    I have used these commands to disable SMBv1 and SMBv2, and no problems; for 10 days it has worked perfectly.

    Disable SMBv1 protocol
    Open PowerShell with Run as Administrator, type this and press Enter:
    Code:
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Next, remove it with this:
    Code:
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove
    And last:
    Code:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= disabled
    To check, use this:
    Code:
    Get-SmbServerConfiguration | Select EnableSMB1Protocol
    Disable SMBv2 protocol (Note! "Disabling SMBv2 also disables the SMBv3 protocol")
    Open PowerShell with Run as Administrator, type this and press Enter:
    Code:
    Set-SmbServerConfiguration -EnableSMB2Protocol $false -Force
    And last:
    Code:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
    sc.exe config mrxsmb20 start= disabled
    
    To check, use this:
    Code:
    Get-SmbServerConfiguration | Select EnableSMB2Protocol
     
    Last edited: May 17, 2017
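
An added example, not part of any post in this thread: a read-only PowerShell check covering both halves of the procedure above, the server setting (which the check command in the post reads) and the client side (the mrxsmb10 driver start type and the LanmanWorkstation dependency list set by the sc.exe lines). It assumes Windows 8 or later, an elevated prompt, and the feature name SMB1Protocol used in the thread; the function name Get-Smb1Status is hypothetical.

```powershell
# Added example (not from the thread): read-only SMBv1 audit.
# Assumes Windows 8 / 10 and an elevated prompt; nothing on the system is changed.
function Get-Smb1Status {
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Server side: the same property the thread's check command reads.
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional feature: Enabled, Disabled or DisabledWithPayloadRemoved.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Client side: mrxsmb10 driver start type; 4 is what "start= disabled" writes.
    $drv = Get-ItemProperty -Path "$services\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $driverStart = if ($drv) { $drv.Start } else { $null }   # $null: driver key absent

    # The Workstation service should no longer list MRxSmb10 as a dependency.
    $wksKey = Get-ItemProperty -Path "$services\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue
    $deps = @($wksKey.DependOnService)
    $wks = Get-Service -Name LanmanWorkstation

    # Client is off when the driver is disabled (or gone) and not a dependency.
    $clientOff = (($null -eq $driverStart) -or ($driverStart -eq 4)) -and
                 ($deps -notcontains 'MRxSmb10')

    [pscustomobject]@{
        ServerSmb1Enabled    = $serverOn
        FeatureState         = $featureState
        Mrxsmb10Start        = $driverStart
        WorkstationDependsOn = $deps -join '/'
        WorkstationStatus    = $wks.Status
        Smb1Off              = (-not $serverOn) -and $clientOff
    }
}

Get-Smb1Status | Format-List
```

A WorkstationStatus of Running alongside Smb1Off = True is consistent: the sc.exe lines only change the service's dependency list and the driver start type, they do not stop the Workstation service.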
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    @petok :thumb:

    I also used those lines.

    Please add lines for SMBv2.
     
  15. petok

    petok Registered Member

    Joined:
    Jan 11, 2015
    Posts:
    35
    I added SMBv2 lines.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    Thanks. You should also note that disabling SMBv2 also disables SMBv3 at once, so people would be aware.
     
  17. petok

    petok Registered Member

    Joined:
    Jan 11, 2015
    Posts:
    35
    Thanks for the idea for the note.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    And Thank You for bringing attention to the command codes in plain English like this.

    It behooves me but must admit that those entries benefitted my boxes that were 0pen! too :eek:
     
  19. guest

    guest Guest

    It is by default; every time I do a clean install since the first Win10 build, I had to disable it. It is a legacy feature still used by some companies.
     
  20. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    278
    I also used @petok's commands but the lanmanworkstation service is still running. I guess this is normal behavior though by looking at:
    Code:
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
     
  21. petok

    petok Registered Member

    Joined:
    Jan 11, 2015
    Posts:
    35
    LanmanWorkstation is the Workstation service in Windows. I have disabled it because I do not need it... If you do not use it, open Services, find Workstation, double-click it to see Properties, then stop and disable it.
    Here is how it looks when it is disabled:
    Code:
    C:\>sc query lanmanworkstation
    
    SERVICE_NAME: lanmanworkstation
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 1077  (0x435)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
     
  22. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,553
    Location:
    USA still the best. But barely.
    Can somebody explain what SMBv1 is in simple terms? And is there any reason I could need it? W7P64 non-work pc. Thanks.

    And the same about SMBv2 & SMBv3?
     
  23. guest

    guest Guest

    • SMB 1.0/CIFS File Sharing Support: This enables file and printer sharing with older versions of Windows, ranging from Windows NT 4.0 to Windows XP and Windows Server 2003 R2. Linux and Mac operating systems may also use the older SMB protocol for file and printer sharing.
    v2 & 3 are for more recent OSes
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    In case there's any question as to what it does..............

    Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    I have a virtual machine I use for the Fast Ring for the Windows Insider program that has never been anything but Windows 10. It is enabled on that VM by default.
     