Key Points
How to Enable or Disable SMB1 File Sharing Protocol in Windows
- Why disable SMB1? SMB1 is outdated and prone to vulnerabilities. Microsoft deprecated the protocol in 2022, which also meant security patches would no longer be released in support of it.
- Check SMB1 status using PowerShell:
Get-SmbServerConfiguration | Select EnableSMB1ProtocolGet-WindowsOptionalFeature -Online -FeatureName “SMB*”
- Methods for disabling SMB1:
- Windows Settings (GUI) – Best for individual users.
- PowerShell scripts – Best for enterprises and remote management.
- Group Policy (GPMC) – Best for MSPs or domain administrators.
- When to enable SMB1: A final option for legacy NAS devices (pre-2016), older printers/scanners (pre-2015), embedded industrial/medical systems, or XP/Server 2003 apps.
The Server Message Block (SMB) protocol is a critical component of Windows networking, allowing secure file and printer sharing between network devices. However, the legacy SMB1 protocol isn’t as stringent as its newer iterations.
This guide will walk you through the process of disabling SMB1 in Windows and how to enable or disable the SMB1 file sharing protocol for legacy devices. These steps should help IT teams or MSPs minimize vulnerabilities within the shared network.
💡 If you’re more of a visual learner, you’ll love our video on How to Enable or Disable SMB1 File Sharing Protocol in Windows.
How to check if SMB1 is enabled in Windows
The quickest way to check if SMB1 is enabled on your system is by using PowerShell.
- Use Search 🔎 to open Terminal → PowerShell → Run as administrator.
- To check the SMB1 protocol status:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
- To view all SMB versions installed:
Get-WindowsOptionalFeature -Online -FeatureName “SMB*”
💡 Tip: You can also use Control Panel → Navigate to Programs → Programs and Features. Click “Turn Windows features on or off” and find “SMB 1.0/CIFS File Sharing Support” on the list to see if it’s enabled.
Methods for configuring SMB1 in Windows 10/11
Use the table to choose and quickly navigate to your preferred activation steps.
📌 Prerequisites:
- Check if SMB1 is enabled.
- A system restart is required for changes to take effect.
- Some methods may require system and network access.
📌 Use cases:
- Disable SMB1 to streamline network protocols.
- Switch SMB1 to prevent systems from using the legacy protocol.
👉 Reminder: Some steps may vary depending on system defaults or active settings.
Click to Choose a Method | 💻 Best for Individual Users | 💻💻💻 Best for Enterprises |
| Method 1: Windows Settings | ✓ | |
| Method 2: PowerShell script | ✓ | |
| Method 3: Group Policy | ✓ |
💡 Tip: Check out the Things to look out for section for tips on managing potential risks.
Method 1: Enable or disable SMB1 via Settings
This GUI-based method is recommended for self-service and remote access activation.
- Use Search 🔎 to open Control Panel.
- Navigate to Programs → Programs and Features → Toggle Turn Windows features on or off.
- Find and manage SMB 1.0/CIFS File Sharing Support according to preferences.
- Click OK to apply changes
Method 2: How to enable or disable SMB1 in Windows 10 via PowerShell
Run PowerShell as Administrator and use the following commands:
Disable SMB1 Client: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Disable SMB1 Server: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Enable SMB1 Client: Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Enable SMB1 Server: Set-SmbServerConfiguration -EnableSMB1Protocol $true -Force
💡 Note: This script may run or fail without displaying any confirmation or prompt. To confirm if changes have been applied successfully, check the corresponding registry keys or system settings.
Method 3: How to disable SMB1 in Windows 10 via Group Policy
Group Policy Management Console (GPMC) is available on Windows Pro, Enterprise, and Education editions, but is not installed by default. This method is for system administrators and MSPs.
- Press Win + R, type gpmc.msc, and tap OK to open GPMC.
- Create or edit a GPO linked to your target Organizational Unit (OU).
- Navigate to Computer Configuration → Administrative Templates → MS Network Client → Microsoft Network Client.
- Manage Configure SMB v1 client driver according to preferences.
- Then, go to Computer Configuration → Administrative Templates → MS Network Server → Microsoft Network Server.
- Manage Configure SMB v1 server according to preferences.
You can run the gpupdate /force command to apply the changes immediately. Otherwise, the new settings will be applied on the next update interval.
👉 Watch this GPUpdate video demonstration for a visual reference.
After rebooting the device, validate if SMB1 is disabled using theGet-SmbServerConfiguration | Select EnableSMB1Protocol command. It should return “False” if SMB1 has been successfully switched off.
When to enable SMB1 file sharing protocol
Enabling SMB1 introduces significant security risks to your network. It’s advisable to only use the sharing protocol as a last resort and with a full understanding of the vulnerabilities. With that said, this action may be necessary to initiate compatibility with other legacy apps or resources in Windows.
If you must still use SMB1, consider the following steps for isolation and remediation.
- Place legacy systems on isolated network segments
- Implement strict firewall rules to limit SMB1 traffic
- Disable SMB1 on all internet-facing systems
- Use VLANs to separate SMB1 traffic from your main network
- Consider application-level alternatives or middleware to avoid SMB1 entirely
Apart from exposing the system to known exploits and CVEs, systems running SMB1 may violate compliance requirements (GDPR, HIPAA, PCI) and incur penalties. Keeping it active is also hugely detrimental since security patches are no longer being released for SMB1.
💡 Note: Microsoft has stopped support for SMB1 since 2022.
⚠️ Things to look out for when enabling or disabling SMB1
Below are common risks, their possible consequences, and some practical ways to reverse or prevent issues when changing SMB1 preferences.
| Risks | Potential Consequences | Reversals |
| Legacy applications built for Windows XP/Server 2003 environments | Application errors, crashes, or inability to access file shares | ➤ Use containerization or virtualization to isolate SMB1 usage ➤ Develop modernization or replacement plans for long-term migration |
| Unsegmented networks still using SMB1 | Malware can spread laterally across the network if one system is compromised | ➤ Segment networks with VLANs and firewalls ➤ Restrict SMB1 traffic to specific, controlled zones only |
| Industrial control systems, point-of-sale terminals, and medical equipment running older embedded OS | Business-critical workflows may fail, leading to downtime or safety risks | ➤ Where updates aren’t possible, isolate these systems on segmented networks with strict firewall/ACL rules ➤ Consider middleware or virtualization to bridge SMB1 dependencies. |
Additionally, consider enforcing the use of SMB2 or SMB3 protocols whenever possible by configuring minimum SMB security settings through Group Policy:
- Press Win + R, type gpmc.msc, and tap OK to open GPMC.
- Navigate to Computer Configuration → Administrative Templates → Network → Lanman Workstation.
- Set Enable insecure guest logons to Disabled.
Then, configure the registry to enforce the minimum SMB version:
- Press Win + R, type regedit, and tap OK to open the Registry Editor.
- Navigate to or copy and paste the following path to the Registry address bar. If the path is incomplete, create the required key.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Create or modify the SMB2 DWORD (32-bit) value.
- Open it and set the Value data to 1 to require SMB2 or higher across the network.
Conduct regular network-wide audits to identify systems still using the SMB1 protocol. For instance, use tools like Microsoft’s Message Analyzer to capture and analyze network traffic for SMB protocol usage.
Security best practices when managing the SMB1 protocol
Resilient IT security requires a proactive approach to managing legacy protocols like SMB1. While complete removal might pose challenges for organizations with older systems, the ease of use and security benefits far outweigh the compatibility concerns.
By following the steps outlined in this guide, you can swiftly disable SMB1 in Windows and implement proper isolation measures where necessary. Taking action will not only protect your systems from common vulnerabilities and exploits but also improve performance and prepare your infrastructure for future security demands and compliance requirements.
