Disable SMBv1 with PowerShell

Disable SMBv1 with PowerShell: SMBv1 needs to be disabled across the whole network, and an easy way to do it is with PowerShell.

If you are getting rid of SMBv1 and you haven’t read my previous article, Disable SMBv1 with Group Policy, please check it out, especially if you want to disable SMBv1 on an entire domain.

You will need PowerShell 2.0 or later for the following commands, and you must restart the machine after running them. Run the commands under both Disable SMBv1 – Server and Disable SMBv1 – Client, on both Windows Server and Windows client editions. Always have a backup before changing anything. At the bottom of the article you will find the commands to enable it again in case something breaks. As I mentioned in my previous article, if you are still running Windows XP / Server 2003 in your network, don’t do it, because these old and expired versions of Windows do not support anything above SMBv1. In case you are wondering if

Disable SMBv1 – Server

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 0 -Force

Disable SMBv1 – Client

  • For Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi  # not needed for Windows 8.1 and Windows Server 2012 R2
sc.exe config mrxsmb10 start= disabled

  • For Windows 8.1 and Windows Server 2012 R2:

sc.exe config mrxsmb10 start= disabled

On Windows Server 2016 and Windows 10 you can completely uninstall SMBv1 support, with the following PowerShell commands:

Remove-WindowsFeature -Name FS-SMB1 #Remove SMBv1 Server support
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol #Remove SMBv1 Client Support

On Windows 8.1 and Windows Server 2012 R2 you can run the following PowerShell cmdlet to check the server configuration and see which SMB versions are enabled or disabled, and more:

Get-SmbServerConfiguration
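
To confirm after the reboot that the changes took effect, the read-only check below reports the registry values that the commands in this article modify. It is an added example, not part of the original article; the helper name Get-RegValue and the output property names are made up for illustration, and it assumes the OS default applies when the SMB1 value is absent.

```powershell
# Added example: read-only SMBv1 audit of the local machine (PowerShell 2.0 compatible).
# Run from an elevated prompt after the reboot; it changes nothing.
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Server side: the SMB1 value written by the Set-ItemProperty command.
$smb1 = Get-RegValue "$services\LanmanServer\Parameters" 'SMB1'
if ($null -eq $smb1) { $server = 'SMB1 value not set (OS default applies)' }
elseif ($smb1 -eq 0) { $server = 'Disabled' }
else                 { $server = 'Enabled' }

# Client side: start type of the mrxsmb10 driver set by "sc.exe config" (4 = disabled).
$start = Get-RegValue "$services\mrxsmb10" 'Start'
if ($null -eq $start) { $client = 'mrxsmb10 driver not present' }
elseif ($start -eq 4) { $client = 'Disabled' }
else                  { $client = "Enabled (Start=$start)" }

# If the driver is disabled but LanmanWorkstation still lists it as a dependency,
# the "depend=" step was skipped and the Workstation service cannot start.
$depends = @(Get-RegValue "$services\LanmanWorkstation" 'DependOnService')
$stale   = ($start -eq 4) -and ($depends -contains 'mrxsmb10')

# Get-SmbServerConfiguration only exists on newer Windows versions.
$cmdlet = 'cmdlet not available'
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $cmdlet = (Get-SmbServerConfiguration -ErrorAction SilentlyContinue).EnableSMB1Protocol
}

New-Object PSObject -Property @{
    Computer                = $env:COMPUTERNAME
    ServerSMB1              = $server
    ClientSMB1              = $client
    StaleWorkstationDepends = $stale
    EnableSMB1Protocol      = $cmdlet
} | Format-List
```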

Read more about how to disable or enable any SMB version at How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.

To re-enable SMBv1 in case something broke with the previous commands:

SMBv1 – Server

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 1 -Force

SMBv1 – Client

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi  #no need to run this for Windows 8.1 and Windows Server 2012 R2
sc.exe config mrxsmb10 start= auto