New
#1
Please set the record straight on correctly disabling SMBv1
Over the past 6 months - I have been making efforts to ensure that SMBv1 is not on our network machines in any capacity - and for the most part it has worked ok.
I use Windows 10 ENT on the workstations and Windows 2016 on the servers.
But I remain confused on the actual correct way to disable this ugly protocol.
If one believes what we see on the Internet - the most common advice is to roll over to:
Control Panel->Programs and Features->Turn Windows Features on or off - and uncheck the box indicated below.
Attachment 215718
This does in fact disable SMBv1 but also takes the Computer Browser service with it - which will begin to show it's weaknesses depending on your network devices (like routers) and even some apps - that still need the Computer Browser service to be available.
Then there is the PowerShell method. In my testing - I see that I can leave ALL the SMBv1 stuff enabled in Windows 10 (checkbox in the graphic above left on) and then run this command in an admin PS window:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Then run this to confirm
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
This does in fact kill the protocal - while seemingly leaving the Network Browsing capability - unbroken.
So - which is the right method?
Even more crazy - why when I run the Powershell command - does the WIndows SMBv1 feature set remain on? Clearly there is no connection between this command and the Add/Remove Features UI - but if the protocol is in fact off - this seems like a decent compromise - Network browsing still works and the nasty SMBv1 protocol is disabled (I hope).
Thoughts?
Sonic.