How to disable SMB v1

If you have been reading about WannaCry and Petya, most of the systems could have been protected two ways.

First is to make sure systems were up to date on security updates and other patching.

Second would be to disable SMB v1.

[A third way would be up to date anti-virus/security software but for those in the initial batches that were hit, this probably wouldn’t have been available.]

Server Message Block [SMB] is the file protocol that is most commonly used by Windows operating systems. It is an old protocol, over 10 years old. Communications is digitally signed, which enables the recipient of the packets to confirm their point of origination and their authenticity.

Note: Test before applying changes. You still may have some lesser known applications that still need SMB v1.

This link details how to disable SMB v1 for stand-alone computers as well as those on a domain for various operating systems.

If you are using a stand-alone computer [not on a domain], the registry “fix” below will disable SMB v1 and will take effect after rebooting:

Windows Registry Editor Version 5.00

; Disables SMB v1

; To enable, set to 1 or delete entry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]

“SMB1″=dword:00000000

With the release of Windows 10 Fall Creator Update [a.k.a. v1709] and the server equivalent, SMB v1 will be disabled by default when you buy a new system or do a clean/fresh installation [i.e. not an upgrade].

Microsoft has a web page that lists Microsoft and third-party products that require SMB v1 and links with further information.

Note: A reminder that if you modify the registry, back up the registry before proceeding.

Advertisements

About ebraiter
computer guy

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: