Microsoft Gets Ready to Disable SMB1 Protocol on Windows 11

Posted on April 20, 2022 by Laurent Giret in Windows, Windows 11 with 17 Comments

Microsoft announced yesterday that it’s taken a new step towards the deprecation of the SMB1 file-sharing protocol on Windows PCs. The company has now disabled the protocol by default on the latest Windows 11 Home Insider builds coming from the Dev Channel. 

If the protocol will soon no longer be enabled by default on Windows 11 Home, IT admins will still be able to reinstall it manually. The Windows 11 Home change also won’t affect in-place upgrades on PC where the protocol was already being used.

Microsoft decided years ago to stop installing SMB1 by default on Windows 10 and Windows Server. SMB1 is a decades-old protocol that’s still being used to connect PCs to old NAS devices, but Microsoft is now planning to drop SMB1 support on Windows for good.

“There is no edition of Windows 11 Insider that has any part of SMB1 enabled by default anymore. At the next major release of Windows 11, that will be the default behavior as well,” explained Ned Pyle, Principal Program Manager in the Windows Server engineering group.

Ultimately, Microsoft plans to go even further and remove SMB1 binaries on its operating systems. “Windows and Windows Server will no longer include the drivers and DLLs of SMB1. We will provide an out-of-band unsupported install package for organizations or users that still need SMB1 to connect to old factory machinery, medical gear, consumer NAS, etc.,” Pyle explained. 

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (17)

17 responses to “Microsoft Gets Ready to Disable SMB1 Protocol on Windows 11”

  1. ronv42

    This is great news from a security point of view. But the down side is that there are sill older routers and NAS devices hosting storage that this will break along with many multi function printers that scan to NAS storage.

    • mikegalos

      Which means those older devices are also not secure and likely have other security issues that should make them candidates for replacement. In the rare cases where a critical device has no secure replacement available then this is good warning that the device should be isolated at a minimum.


      Security doesn't mean "secure as long as we don't have to replace anything".

  2. dftf

    Good news!


    However... don't they still ship with TLS 1.0 and TLS 1.1 enabled by-default? Anything below TLS 1.2 should really be getting dropped now...


    Also, by-default for a LAN or WLAN adaptor, "Client for Microsoft Networks", "File and Printer Sharing for Microsoft Networks", "QoS Packet Scheduler", and a few-other services or protocols are all enabled by-default. Yet for a typical home-computer, that connects directly to a router and isn't part of a home-network, the only item you need enabled is "TCP/IPv4" and, if your ISP and router both support it, "TCP/IPv6" also. Everything-else can safely be left turned-off though.

  3. kevin_costa

    Me too. After the WannaCry incident, I remember MS saying that it would disable SMBv1 on Windows by default. I think starting W10 v1709 or v1803, the OS was shipped with SMBv1 disabled. This is not news, unless they are removing all the SMBv1 code from Windows soon.

    • mikegalos

      Precisely (although the article doesn't really make that clear). The big thing is that it's no longer installed rather than installed and not enabled. Now it takes a separate, conscious action to install the code.

  4. AlanBourke

    The only surprising thing about this is I assumed it was already disabled in Windows 11.

  5. chrishilton1

    SMB1 is the primary reason for ransomware propagation, check all your servers today and disable it.

  6. proftheory

    I thought it was already disabled in Windows 10. Many older routers that allow you to plug in a USB drive for network storeage use SMB1. The routers are unlikely to change that since they use OLD linux kernels. That was one of the reasons I upgraded to a Synology NAS in 2020. Thank you PUA $$$.

  7. dan1986ist

    in my opinion, it'll be a lot easier for those us who are home cusomers to move away from using SMB1, assuming anyone reading this still using it, than it'll be for those using equipment in specialized industries.

    • mikegalos

      Precisely. The remaining usage being supported will likely be things like process control systems in factories that need a very long lifespan but are never exposed to outside networks.


  8. crunchyfrog

    There's no good reason to keep supporting this flawed protocol. I understand this will cause issue with users with old hardware and software but it's time to move on and upgrade these to newer versions.

  9. Ruvger

    This is great news. Microsoft needs to be more aggressive with this stuff. They are doing the right thing.

  10. Bart

    I am out of my depth here.


    Does this have any implications for accessing a Synology NAS (running the latest software) for example?

Leave a Reply