• United States



Contributing Writer

How to harden Windows 10 workstations and servers: Disable SMB v1

Feb 06, 20193 mins
Network SecuritySecuritySmall and Medium Business

Early versions of Server Message Block are still present on many Windows networks and devices, leaving them open to attack. Here's how to detect and disable them.

Windows security and protection [Windows logo/locks]
Credit: Thinkstock / Microsoft

Server Message Block (SMB) is a foundational service that has been used for many years. This internet standard protocol enables Windows to share files, printers and serial ports. SMB is used over the internet on top of the TCP/IP protocol.

SMB v1 has been in use since Windows 95, and in 2019, it’s still often found and abused in networks. If you have SMB v1 enabled in your network, it can be used in blended attacks that might include ransomware and other malware. In a 2016 blog post, Ned Pyle lists the protections you lose when using SMB v1:

As Pyle points out, “The nasty bit is that no matter how you secure all these things, if your clients use SMB1, then a man-in-the-middle can tell your client to ignore all the above. “

How to detect and disable SMB v1

You can use various means to disable SMB v1 in your network. For example, you can use group policy to disable it with a registry key as noted in a 2017 blog post. In addition, you can follow the guidance in KB2696547 to detect if SMB v1 is still in use in your network and to gracefully disable it.

On Windows 10, you can use PowerShell to determine if SMB v1 is enabled on your computer. For example, the command Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol on my Windows 10 system provides the following information:

bradley smb 1 Microsoft

Determining support for SMB v1

You might find that older copiers and printers or older network-accessible storage still depends on SMB v1 to be functional. You need to determine if the risk of SMB v1 is acceptable, or you can contact the vendors on your impacting devices to determine if you can get a firmware update to support SMB v2 and SMB v3 on these older devices. There is even a list of products that demand SMB v1. If you are having issues disabling SMB v1 at home, check out the guidance on the Barbs Connected World blog.

Next, as recommended by the U.S. Cert, you can block SMB v1 at the firewall and internet. Most firewalls do this by default, but review if yours automatically blocks all SMB versions at the network boundary. It would do so by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139.

Take the time now to review your SMB v1 status and tighten up your Server Message Block.

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for, is a moderator on the listserve, and writes a column of Windows security tips for In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

More from this author