Server Message Block (SMB) is a network protocol that allows file sharing between devices on a network. Windows 11, like previous versions, supports SMB, but it has disabled SMB 1.0/CIFS (Common Internet File System) by default due to security concerns. Older systems or legacy devices, however, may still rely on SMB 1.0, making it necessary to enable it in some cases. Conversely, disabling it helps protect against vulnerabilities.
This guide walks you through enabling or disabling SMB 1.0/CIFS File Sharing Support on Windows 11.
Understanding SMB 1.0/CIFS and Its Risks
SMB 1.0 is an outdated version of the SMB protocol. It was widely used in earlier Windows versions but contains significant security vulnerabilities, making systems using it prone to cyberattacks like WannaCry and NotPetya. Microsoft recommends disabling SMB 1.0 unless it is essential for compatibility with older hardware or software.
Key Risks of SMB 1.0:
– No Encryption: Data is transferred in plain text.
– Outdated Protocol: Lacks modern security features.
– Vulnerable to Exploits: Easily targeted by malware and ransomware.
How to Enable or Disable SMB 1.0 in Windows 11
You can enable or disable SMB 1.0/CIFS through several methods:
– Windows Features (Graphical Interface)
– PowerShell
– Command Prompt
Method 1: Using Windows Features
Steps to Enable SMB 1.0:
1. Press Windows + R to open the Run dialog box.
2. Type optionalfeatures and press Enter. This opens the Windows Features window.
3. Scroll down and find SMB 1.0/CIFS File Sharing Support.
4. Check the box next to it. You’ll see three options:
– SMB 1.0/CIFS Client: Allows Windows to access shared files hosted by older devices.
– SMB 1.0/CIFS Server: Enables sharing files from your Windows 11 device using SMB 1.0.
– SMB 1.0/CIFS Automatic Removal: Automatically removes the feature if it detects no usage after a certain period.
5. Click OK and restart your computer to apply the changes.
Steps to Disable SMB 1.0:
1. Follow the same steps to open Windows Features.
2. Uncheck the SMB 1.0/CIFS File Sharing Support option.
3. Click OK and restart your computer.
Method 2: Using PowerShell
Enable SMB 1.0:
1. Open PowerShell as an administrator. (Right-click the Start button and select Windows PowerShell (Admin)).
2. Enter the following command:
“`powershell
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
“`
3. Press Enter.
4. Restart your computer to complete the process.
Disable SMB 1.0:
1. Open PowerShell as an administrator.
2. Type the following command:
“`powershell
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
“`
3. Press Enter and restart your computer.
Check the Status of SMB 1.0:
To verify if SMB 1.0 is enabled, run:
“`powershell
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
“`
Method 3: Using Command Prompt
Enable SMB 1.0:
1. Open Command Prompt as an administrator.
2. Type:
“`bash
dism /online /enable-feature /featurename:SMB1Protocol
“`
3. Press Enter and restart the system.
Disable SMB 1.0:
1. In Command Prompt (admin), enter:
“`bash
dism /online /disable-feature /featurename:SMB1Protocol
“`
2. Restart the computer.
Important Considerations
1. Security First: Only enable SMB 1.0 if you absolutely need to connect to legacy systems or devices. For regular use, it’s best to keep it disabled.
2. Network Isolation: If you must enable SMB 1.0, ensure the device is isolated from external networks to reduce the risk of attacks.
3. Use Updated Alternatives: Consider upgrading devices or software that rely on SMB 1.0 to those supporting SMB 2.0 or higher, which offer better security and performance.
SMB 1.0/CIFS is an essential protocol for legacy systems but poses significant security risks if left enabled unnecessarily. By following the steps outlined above, you can easily enable or disable SMB 1.0 in Windows 11 based on your needs. Always prioritize network security, and where possible, use modern protocols like SMB 3.0 to ensure safe and efficient file sharing.