Microsoft Gets Ready to Disable SMB1 Protocol on Windows 11

Laurent Giret
Apr 20, 2022
17

Microsoft announced yesterday that it’s taken a new step towards the deprecation of the SMB1 file-sharing protocol on Windows PCs. The company has now disabled the protocol by default on the latest Windows 11 Home Insider builds coming from the Dev Channel.

If the protocol will soon no longer be enabled by default on Windows 11 Home, IT admins will still be able to reinstall it manually. The Windows 11 Home change also won’t affect in-place upgrades on PC where the protocol was already being used.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

Microsoft decided years ago to stop installing SMB1 by default on Windows 10 and Windows Server. SMB1 is a decades-old protocol that’s still being used to connect PCs to old NAS devices, but Microsoft is now planning to drop SMB1 support on Windows for good.

“There is no edition of Windows 11 Insider that has any part of SMB1 enabled by default anymore. At the next major release of Windows 11, that will be the default behavior as well,” explained Ned Pyle, Principal Program Manager in the Windows Server engineering group.

Ultimately, Microsoft plans to go even further and remove SMB1 binaries on its operating systems. “Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc.,” Pyle explained.

Tagged with

Please check our Community Guidelines before commenting

Conversation 17 comments

ronv42
Premium Member
20 April, 2022 - 8:21 am

This is great news from a security point of view. But the down side is that there are sill older routers and NAS devices hosting storage that this will break along with many multi function printers that scan to NAS storage.

Log in to Reply

mikegalos

20 April, 2022 - 3:36 pm

Which means those older devices are also not secure and likely have other security issues that should make them candidates for replacement. In the rare cases where a critical device has no secure replacement available then this is good warning that the device should be isolated at a minimum. Security doesn’t mean "secure as long as we don’t have to replace anything".

Log in to Reply

Bart
Premium Member
20 April, 2022 - 8:37 am

I am out of my depth here. Does this have any implications for accessing a Synology NAS (running the latest software) for example?

Log in to Reply

ralfred
Premium Member
20 April, 2022 - 8:47 am

Synology seems to handle SMB1, SMB2 and SMB3: <a href="https://kb.synology.com/en-global/DSM/help/DSM/AdminCenter/file_winmacnfs_win?version=7" target="_blank">SMB Settings | DSM – Synology Knowledge Center</a> Note: SMB1 is really old.

Log in to Reply

Ruvger
Premium Member
20 April, 2022 - 9:02 am

This is great news. Microsoft needs to be more aggressive with this stuff. They are doing the right thing. 

Log in to Reply
crunchyfrog

20 April, 2022 - 9:07 am

There’s no good reason to keep supporting this flawed protocol. I understand this will cause issue with users with old hardware and software but it’s time to move on and upgrade these to newer versions.

Log in to Reply

fishnet37222
Premium Member
20 April, 2022 - 11:26 am

As stated, they will provide an out-of-band unsupported package to install the functionality if it’s still needed.

Log in to Reply

dan1986ist
Premium Member
20 April, 2022 - 9:56 am

in my opinion, it’ll be a lot easier for those us who are home cusomers to move away from using SMB1, assuming anyone reading this still using it, than it’ll be for those using equipment in specialized industries.

Log in to Reply

mikegalos

21 April, 2022 - 9:42 pm

Precisely. The remaining usage being supported will likely be things like process control systems in factories that need a very long lifespan but are never exposed to outside networks. 

Log in to Reply

dftf

20 April, 2022 - 1:15 pm

Good news! However… don’t they still ship with TLS 1.0 and TLS 1.1 enabled by-default? Anything below TLS 1.2 should really be getting dropped now… Also, by-default for a LAN or WLAN adaptor, "Client for Microsoft Networks", "File and Printer Sharing for Microsoft Networks", "QoS Packet Scheduler", and a few-other services or protocols are all enabled by-default. Yet for a typical home-computer, that connects directly to a router and isn’t part of a home-network, the only item you need enabled is "TCP/IPv4" and, if your ISP and router both support it, "TCP/IPv6" also. Everything-else can safely be left turned-off though.

Log in to Reply
proftheory
Premium Member
20 April, 2022 - 4:18 pm

I thought it was already disabled in Windows 10. Many older routers that allow you to plug in a USB drive for network storeage use SMB1. The routers are unlikely to change that since they use OLD linux kernels. That was one of the reasons I upgraded to a Synology NAS in 2020. Thank you PUA $$$.

Log in to Reply
chrishilton1
Premium Member
21 April, 2022 - 1:49 am

SMB1 is the primary reason for ransomware propagation, check all your servers today and disable it. 

Log in to Reply
AlanBourke

21 April, 2022 - 3:32 am

The only surprising thing about this is I assumed it was already disabled in Windows 11.

Log in to Reply
kevin_costa

21 April, 2022 - 9:43 am

Me too. After the WannaCry incident, I remember MS saying that it would disable SMBv1 on Windows by default. I think starting W10 v1709 or v1803, the OS was shipped with SMBv1 disabled. This is not news, unless they are removing all the SMBv1 code from Windows soon. 

Log in to Reply

mikegalos

21 April, 2022 - 9:45 pm

Precisely (although the article doesn’t really make that clear). The big thing is that it’s no longer installed rather than installed and not enabled. Now it takes a separate, conscious action to install the code.

Log in to Reply

thea2_
Premium Member
21 April, 2022 - 6:56 pm

 

Log in to Reply

thea2_
Premium Member
21 April, 2022 - 6:58 pm

opps, sb1 is the default connection for kodi to other computers on network.

Log in to Reply

About author

Laurent Giret

Laurent a Senior News Editor at Thurrott.com. He's been writing about the tech industry for many years and his favorite topics to cover include Big Tech, media, and gaming.

View Articles

Currently on Forums
Visit the forums
- Drunk purchase “microsoftyousuck.com”
  Posted by andybarzyk
  
  2
  comments
- [CLOSED] Ask Paul for this Friday, April 19
  Posted by Paul Thurrott
  
  9
  comments
- Questions for 4 / 19?
  Posted by Brad Sams
  
  4
  comments
- What does Microsoft know that we don’t?
  Posted by Sarah Duguay
  
  3
  comments
Podcasts
Podcast Hub
- First Ring Daily 1586: “Tech” Podcast
  
  Aired on April 19, 2024 by Brad Sams with 0 Comments
- The Sams Report: Microsoft Wants to Fragment Windows
  
  Aired on April 19, 2024 by Brad Sams with 0 Comments
- First Ring Daily 1585: Extensioned
  
  Aired on April 18, 2024 by Brad Sams with 0 Comments
- Windows Weekly 877: The Tiger in the Grass
  
  Aired on April 18, 2024 by Paul Thurrott with 1 Comment
Join the crowd where the love of tech is real - become a Thurrott Premium Member today!

Explore Premium Benefits

Microsoft Gets Ready to Disable SMB1 Protocol on Windows 11

Windows Intelligence In Your Inbox

Tagged with

Share post

Conversation 17 comments

Drunk purchase “microsoftyousuck.com”

[CLOSED] Ask Paul for this Friday, April 19

Questions for 4 / 19?

What does Microsoft know that we don’t?

First Ring Daily 1586: “Tech” Podcast

The Sams Report: Microsoft Wants to Fragment Windows

First Ring Daily 1585: Extensioned

Windows Weekly 877: The Tiger in the Grass

Windows Intelligence In Your Inbox

Sections

About Thurrott

Contact

Our Other Sites

Subscribe