Key Points
- SMB1 (SMBv1/CIFS) is outdated and contains unpatched vulnerabilities. Microsoft deprecated it in 2014 and has removed it by default from modern Windows versions. Security patches are no longer released for it.
- Check SMB1 status using PowerShell via:
- Get-SmbServerConfiguration | Select EnableSMB1Protocol
- Get-WindowsOptionalFeature -Online -FeatureName “SMB*”
- Methods for disabling SMB1:
- Windows Settings (GUI) – Best for individual users.
- PowerShell scripts – Best for enterprises and remote management.
- Group Policy (GPMC) – Best for MSPs or domain administrators.
- When to enable SMB1: A final option for legacy NAS devices (pre-2016), older printers/scanners (pre-2015), embedded industrial/medical systems, or XP/Server 2003 apps.
The Server Message Block (SMB) protocol is a critical component of Windows networking, allowing secure file and printer sharing between network devices. However, the legacy SMB1 protocol isn’t as stringent as its newer iterations.
SMB1 (also referred to as SMBv1 or CIFS) is the original version of this protocol, first introduced with MS-DOS in the 1980s. It lacks the encryption, authentication improvements, and performance gains found in SMB2 and SMB3.
This guide will walk you through the process of disabling SMB1 in Windows and how to enable or disable the SMB1 file sharing protocol for legacy devices. These steps should help IT teams or MSPs minimize vulnerabilities within the shared network.
💡 If you’re more of a visual learner, you’ll love our video on How to Enable or Disable SMB1 File Sharing Protocol in Windows.
Detect and deactivate SMB1 and other vulnerabilities before they become attack vectors
How to check if SMB1 is enabled in Windows
The quickest way to check if SMB1 is enabled on your system is by using PowerShell.
- Use Search 🔎 to open Terminal → PowerShell → Run as administrator.
- To check the SMB1 protocol status:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
- To view all SMB versions installed:
Get-WindowsOptionalFeature -Online -FeatureName “SMB*”
💡 Tip: You can also use Control Panel → Navigate to Programs → Programs and Features. Click “Turn Windows features on or off” and find “SMB 1.0/CIFS File Sharing Support” on the list to see if it’s enabled.
Methods for configuring SMB1 in Windows 11
Use the table to choose and quickly navigate to your preferred activation steps.
📌 Prerequisites:
- Check if SMB1 is enabled.
- A system restart is required for changes to take effect.
- Some methods may require system and network access.
📌 Use cases:
- Disable SMB1 to streamline network protocols.
- Switch SMB1 to prevent systems from using the legacy protocol.
👉 Reminder: Some steps may vary depending on system defaults or active settings.
Click to Choose a Method | 💻 Best for Individual Users | 💻💻💻 Best for Enterprises |
| Method 1: Windows Settings | ✓ | |
| Method 2: PowerShell script | ✓ | |
| Method 3: Group Policy | ✓ |
💡 Tip: Check out the Things to look out for section for tips on managing potential risks.
Method 1: Enable or disable SMB1 via Settings
This GUI-based method is recommended for self-service and remote access activation.
- Use Search 🔎 to open Control Panel.
- Navigate to Programs → Programs and Features → Toggle Turn Windows features on or off.
- Find and manage SMB 1.0/CIFS File Sharing Support according to preferences.
- Click OK to apply changes
Method 2: How to enable or disable SMB1 in Windows 11 via PowerShell
Run PowerShell as Administrator and use the following commands:
Disable SMB1 Client: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Disable SMB1 Server: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Enable SMB1 Client: Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Enable SMB1 Server: Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force
💡 Note: On Windows 11, SMB1 is not installed by default on any edition following a clean installation. If you’re running a clean Windows 11 setup, you may not need to take any action. To verify the current status of SMB1 on your system, run Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol and check the State field.
Method 3: How to disable SMB1 in Windows 11 via Group Policy
Group Policy Management Console (GPMC) is available on Windows Pro, Enterprise, and Education editions, but is not installed by default. This method is for system administrators and MSPs.
- Press Win + R, type gpmc.msc, and tap OK to open GPMC.
- Create or edit a GPO linked to your target Organizational Unit (OU).
- Navigate to Computer Configuration → Administrative Templates → MS Network Client → Microsoft Network Client.
- Manage Configure SMB v1 client driver according to preferences.
- Then, go to Computer Configuration → Administrative Templates → MS Network Server → Microsoft Network Server.
- Manage Configure SMB v1 server according to preferences.
You can run the gpupdate /force command to apply the changes immediately. Otherwise, the new settings will be applied on the next update interval.
👉 Watch this GPUpdate video demonstration for a visual reference.
After rebooting the device, validate if SMB1 is disabled using theGet-SmbServerConfiguration | Select EnableSMB1Protocol command. It should return “False” if SMB1 has been successfully switched off.
When to enable SMB1 file sharing protocol
Enabling SMB1 introduces significant security risks to your network. It’s advisable to only use the sharing protocol as a last resort and with a full understanding of the vulnerabilities. With that said, this action may be necessary to initiate compatibility with other legacy apps or resources in Windows.
If you must still use SMB1, consider the following steps for isolation and remediation.
- Place legacy systems on isolated network segments
- Implement strict firewall rules to limit SMB1 traffic
- Disable SMB1 on all internet-facing systems
- Use VLANs to separate SMB1 traffic from your main network
- Consider application-level alternatives or middleware to avoid SMB1 entirely
Apart from exposing the system to known exploits and CVEs, systems running SMB1 may violate compliance requirements (GDPR, HIPAA, PCI) and incur penalties. Keeping it active is also hugely detrimental since security patches are no longer being released for SMB1.
💡 Note: Microsoft has stopped support for SMB1 since 2022.
⚠️ Things to look out for when enabling or disabling SMB1
Below are common risks, their possible consequences, and some practical ways to reverse or prevent issues when changing SMB1 preferences.
| Risks | Potential Consequences | Reversals |
| Legacy applications built for Windows XP/Server 2003 environments | Application errors, crashes, or inability to access file shares | ➤ Use containerization or virtualization to isolate SMB1 usage ➤ Develop modernization or replacement plans for long-term migration |
| Unsegmented networks still using SMB1 | Malware can spread laterally across the network if one system is compromised | ➤ Segment networks with VLANs and firewalls ➤ Restrict SMB1 traffic to specific, controlled zones only |
| Industrial control systems, point-of-sale terminals, and medical equipment running older embedded OS | Business-critical workflows may fail, leading to downtime or safety risks | ➤ Where updates aren’t possible, isolate these systems on segmented networks with strict firewall/ACL rules ➤ Consider middleware or virtualization to bridge SMB1 dependencies. |
Additionally, consider enforcing the use of SMB2 or SMB3 protocols whenever possible by configuring minimum SMB security settings through Group Policy:
- Press Win + R, type gpmc.msc, and tap OK to open GPMC.
- Navigate to Computer Configuration → Administrative Templates → Network → Lanman Workstation.
- Set Enable insecure guest logons to Disabled.
Then, configure the registry to enforce the minimum SMB version:
- Press Win + R, type regedit, and tap OK to open the Registry Editor.
- Navigate to or copy and paste the following path to the Registry address bar. If the path is incomplete, create the required key.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Create or modify the SMB2 DWORD (32-bit) value.
- Open it and set the Value data to 1 to require SMB2 or higher across the network.
Conduct regular network-wide audits to identify systems still using the SMB1 protocol. For instance, use tools like Wireshark or the native Windows netsh trace command to capture and analyze network traffic for SMB protocol usage.
Identify legacy protocols and remediate to protect your environment from cyberattacks with NinjaOne.
Security best practices when managing the SMB1 protocol
Resilient IT security requires a proactive approach to managing legacy protocols like SMB1. While complete removal might pose challenges for organizations with older systems, the ease of use and security benefits far outweigh the compatibility concerns.
By following the steps outlined in this guide, you can swiftly disable SMB1 in Windows and implement proper isolation measures where necessary. Taking action will not only protect your systems from common vulnerabilities and exploits but also improve performance and prepare your infrastructure for future security demands and compliance requirements.
