Hello! For those who are not in the know, I’ll start from afar. On computers and laptops with Windows installed, there is a separate “Network” tab in Explorer. This tab displays devices from the network environment. That is, by opening the “Network” tab, we can see there computers, network storage (NAS), multimedia devices (DLNA), flash drives and external drives that are connected to the router and to which shared access is configured. Simply put, those devices that are connected through one router (located on the same network) and on which network discovery is enabled (devices that can be discovered on the local network). Our router may also be displayed there (section "Network infrastructure") and other devices.
Now I’ll explain what and how, and why I decided to write this article. I have an ASUS router, to which I connected a USB flash drive, and configured shared access to this flash drive for all devices on the network. And what do you think, this network drive appeared in the “Network” section on all computers (it is displayed there as "Computer"), but it didn’t show up on my computer. That is, my computer did not see the flash drive connected to the router, nor other computers on this network. But the DLNA server was displayed running on the same router. But this does not change anything, since I need regular network access to the drive.
Also, I could not access the flash drive when I typed its address //192.168.1.1 in Explorer. This address was immediately opened through a browser. And I was unable to connect this drive as a network drive. It simply was not in the list of available devices in the network environment.
Such a problem when Windows 7, Windows 8, or Windows 10 does not see network devices is not uncommon. It doesn't have to be a flash drive or an external HDD that you connected to your router, as in my case. Most often, shared access is configured between computers on a local network. And they face the same problem when computers are connected to the same network (to one router), the sharing settings are set correctly, but the "Network" tab is empty. Or only the router and your computer are displayed.
Since there can be many reasons and, accordingly, solutions, I’ll probably start with the simplest ones (which didn't help me) and at the end of this article I will share the solution that helped in my case. As a result, my laptop still saw all the devices on the network. Including a network storage device and another computer that is also connected to this network.
But this does not mean that you have the same case. Therefore, I advise you to check all the settings in order.
Checking sharing settings
We will consider two cases:
- When computers do not see each other on the local network.
- Sharing access to a network storage device. This can be a flash drive, or a hard drive that is connected to the router, or a separate drive (aka NAS).
First case
For computers to be able to see each other and appear in the Network section in Explorer, they must be connected through the same router. Or connected directly (cable or via Wi-Fi). Simply put, they must be on the same local network.
Next, on all computers (I don’t know how many of them you have there), it is advisable to assign the network status to “Home” (private). I wrote in the article how to do this in Windows 10. In Windows 7, just go to the Network and Sharing Center and change the status of the current connection there.
If after this the computer still does not detect other computers (or vice versa), then let's also check the sharing settings.
To do this, in the “Network and Sharing Center” window (if you don’t know how to open it in Windows 10, then see the article), click on the “Change advanced sharing settings” item.
And for the current profile (usually “Private”) we set the parameters as in the screenshot below.
Let's do it on all computers on the local network.
Articles on this topic:
As a rule, these tips solve all problems with detecting computers on a local network.
Second case
When you have problems accessing your network storage. As in my case. Windows 10 did not see the USB drive that was connected to the ASUS router. Now many routers have a USB port for connecting drives and other devices, so the topic is relevant.
You need to make sure that this drive is defined in the router settings and that sharing is enabled. It is clear that this is done differently on different routers. On ASUS routers, for example, it looks like this:
Related articles:
Do not confuse sharing settings with FTP settings. The FTP server settings on the router have nothing to do with this.
Well, if other devices see the network storage and have access to it, but on a particular computer there is no access to it, then the problem is not on the router’s side. Go through the settings of the “problem” PC using this article.
An antivirus or firewall may be blocking network devices
If your antivirus or firewall (firewall) that is installed on your computer doesn’t like something, then it can easily make it so that neither you can see other devices in the network environment, nor can anyone detect you.
True, after disabling the firewall built into my antivirus, the problem was not solved (which means the problem is most likely not there), but it still seems to me that in my case it could not have happened without the participation of the antivirus.
Therefore, try to completely stop the antivirus for a while, or at least disable the firewall built into it (firewall). In NOD 32 this is done like this:
To check this you need to do on all computers, which will participate in the local network.
It is quite possible that you have some other programs installed that can monitor the network and manage network connections.
If it turns out that the problem is in the antivirus, then you need to add your network to the exceptions. Prevent the firewall from blocking the network itself or network devices.
If you don’t have an antivirus, you can experiment with disabling/enabling the firewall built into Windows.
Working group
The workgroup must be the same on all devices. As a rule, this is true. But it is advisable to check. To do this, open the computer properties "System" and go to "Advanced system settings".
"Working Group" will be indicated there. To change it, you need to click on the "Change" button.
Once again: the workgroup name must be the same on all computers.
If you have a problem accessing your network storage (to flash drive via router), then in the sharing settings on the same ASUS router the work group is also indicated. You can look at the screenshot above in the article. It should be the same as on the computer.
Problem accessing a shared network folder via SMB1 in Windows 10 (my solution)
Let's return specifically to my problem. Everything I described above has been checked and rechecked 10 times already. I did it a couple of times, but Windows 10 never saw other computers on the network and, most importantly, the shared folder in the form of a flash drive connected to the router never appeared in Explorer. And on other devices on the network everything was detected without problems. Including my laptop.
I read somewhere that you can try opening a shared folder through the Run window. Pressed the Win + R key combination and entered the network folder address //192.168.1.1 (aka router address).
I did not gain access to the drive, but an interesting error appeared:
You cannot connect to the shared folder because it is not secure. This shared folder runs on the legacy SMB1 protocol, which is insecure and may expose your system to attack.
Your system needs to use SMB2 or later.
This is already interesting. At least something.
SMB (Server Message Block) is a network protocol that is responsible for sharing access to files, printers and other network devices.
I started looking. And it turns out that Windows 10 abandoned the SMB1 protocol. Because of safety. And the Samba software package installed on my router seems to work using the SMB1 protocol. That's why Windows 10 doesn't see it. But other computers that also run Windows 10 were also not displayed on the “Network” tab.
Since I couldn’t update the protocol for SMB2 in the router settings, I decided that I needed to somehow enable SMB1 support in Windows 10. And as it turned out, this can be done without any problems. As a result, after connecting the “SMB Client 1.0/CIFS” component, everything worked for me. The system saw shared folders on computers on the network and a network folder configured on the router itself.
How to enable SMB1 in Windows 10?
Through the search, find and open the old “Control Panel”.
Switch to Small Icons and open Programs and Features.
Open "Turn Windows features on or off". Find the item “Support for SMB 1.0/CIFS file sharing”. Open it and check the box next to "SMB Client 1.0/CIFS". Click Ok.
If your computer prompts you to restart, restart it. If there is no prompt window, reboot manually.
After the reboot, all available devices on your network should appear on the “Network” – “Computer” tab.
I will be glad if this article is useful to someone and helps solve the problem that has arisen. Don't forget to write in the comments about the results. Or ask the question, where would we be without them :)
This article describes how to set up sharing of files and folders without a password on Windows 10.
This instruction will look at the simplest case of setting up shared access to Windows 10 folders. When you need to provide access to Windows 10 shared resources without a password. This is the most common situation in home networks and small office networks. This setting assumes that network access will be without a password, without restrictions.
Note. If you have Windows 10 2017 or 2018 and are experiencing the " Windows 10 does not see other computers on the local network", then read another article -. It describes a solution to the problem of connecting Windows 10 to older versions of Windows. This article may also be relevant for connecting Windows 10 to older versions of Linux.
But at the beginning of a silent theory.
Local and global networks
Today there is only one global computer network, the Internet. Local computer networks differ from global ones in the following factors:
- The number of computers connected in this network.
- The quantity and quality of resources shared (available) in this network.
The global Internet connects hundreds of millions (possibly more than a billion) computers. These computers provide a large number of different types of resources. The most common of which are text and graphic information. In addition to the information itself on the Internet, it is also possible to process this information - there are services for working with images and documents. Also available on the Internet are services that are not related to computer topics, for example, the sale of goods and services (for example, the sale of tickets for various transport).
A local computer network most often combines from two to several computers. Much less often, the number of computers on a local network can be several tens or hundreds (in large commercial or government organizations). As a rule, only a few resources are distributed on local networks - files, printers, scanners and Internet access.
Computers are physically connected to a network either using a cable or via a radio signal (WiFi). But in any case, setting up a local network is done the same way.
So, what, and in what order, needs to be done in order to configure the Windows 10 network?
Windows 10 sharing without password
This instruction will describe how to set up a Windows 10 network so that shared access to folders (files) and printers is provided without requiring a password. This is a trusted network option. This type of organization of a local computer network is most convenient to use (no need to remember passwords for each computer). Moreover, such a network is easier to create and maintain.
It is best to start setting up a local network by checking the necessary conditions.
Checking local network connection
First, you need to check whether your computer has a local network connection. To do this, you need to open the applet of available network adapters and network connections. The easiest way to open this applet is through the " Execute Windows + R ncpa.cpl and click " OK":
Note: there is a longer way - open "" and click on the link there " Change adapter settings".
This is what the network connections applet looks like:
This example shows that there is a physical network adapter on the computer and there is also a network connection to the local network. This example uses a cable connection to a local network (Ethernet). If connected via WiFi, the adapter will be called "802-11 Wireless Connection".
Possible errors that can be found in the Network Connections applet:
- This applet may not contain adapters at all - in this case, you need to check the list of equipment (Device Manager). The network adapter may be disabled or the drivers may not be installed.
- The adapter may be crossed out with a red cross. This means that there is no physical connection to the local network. You need to check the cables. In the case of WiFi, this means that the computer is not connected to a WiFi access point (router).
- The adapter may have the inscription " Unidentified network". This means that there is a physical connection to the local network, but the computer was unable to receive the settings of this network. Most often this happens if there is no router on the local network and you need to manually specify the local network parameters.
By default, Windows is configured to automatically receive network settings from the network router. If there is a router on the local network, then you just need to plug in a network cable or connect to a WiFi access point. If there is no router on the local network, and this sometimes happens when using small cable networks, then you will need to manually specify the network settings in the properties of the network adapter. More information about manually setting up local network parameters is written in the article “Setting up a network between Linux and Windows”. The setup is described there for Windows XP, but for Windows 10 it will be exactly the same.
The next step is to check the computer name and workgroup. To do this, you need to open the applet " Properties of the system"The easiest way to open this applet is through the dialog box" Execute". It is accessible through the Start menu or by pressing the keys Windows + R on keyboard. In this window write sysdm.cpl and click " OK":
This is what the applet looks like" Properties of the system" (you need to open the tab " Computer name"):
Here you need to check:
- Full name- it should not be written in Cyrillic and should not have spaces.
- Working group- it should not be written in Cyrillic and should not have spaces. In addition, the workgroup name must match the same name on other computers on the local network. That is, the workgroup name must be the same on all computers on the local network.
If you need to change the computer or workgroup name, click the Change button. After such a change, you will need to restart Windows.
Now you can proceed to setting up the Windows 10 network.
Setting up a Windows 10 network
Open "Windows Explorer" and in it find and open the item " Net". By default, sharing is disabled on Windows 10 and when you open Network, there will be a warning message at the top:
You need to click on this inscription and then select " Enable network discovery and file sharing":
Note: Another way to enable network discovery and file sharing via " Network and Sharing Center"and then click on the link" More sharing options" and then open the desired profile.
After that "Windows Explorer" will prompt you to select a network type, where you need to select the first option:
Note: if you later need to change the network type - instructions in the article "Change network type Windows 10".
After that "Windows Explorer" will show a list of computers on the local network:
You can now log into the shared folders on these computers.
Login via local network to a computer named "Home":
The next step is to configure Windows 10 folder sharing.
How to set up folder sharing in Windows 10
IN "Windows Explorer" Locate the folder you want to share. Right-click on this folder and select " Properties" (in this illustration the folder is called lan):
Note: The folder name must be in Latin and without spaces.
In the folder properties window, you need to open the " tab Access"and then press the button" General access":
In the next window, you need to open the list of local users (accounts on this computer) and select “All” from this list:
After that, click the "Add" button:
After this, you need to specify read and write access rights for the “Everyone” group:
After this, you need to click the “Finish” button:
After this, the window will open again" Folder properties". In it you can check the tab " Safety"there should be full access for the group" All" (Windows automatically changes NTFS file system permissions):
That's it, setting up access to a specific folder is complete. If you want to share another folder, these steps must be repeated for each one.
Note: There is no need to share individual files. All files that are in the shared folder will be accessible over the network. All will also be available online nested folders.
One last step left...
Need to open" Network and Sharing Center" and on the left side click on " Change advanced sharing options":
In the next window you need to open your profile " All networks":
And there disable the parameter " shared access with password protection" and of course click the "Save changes" button:
This completes setting up network access without a password for Windows 10. Now you can log into this computer via the local network and Windows will not require you to enter a password.
To check, let's go to a Windows 10 computer from a Windows XP computer:
The shared folder "lan" opens and you can edit and create files in it via the local network.
But if, nevertheless, Windows requires a network password
Despite the fact that the settings described above have been made, when you log into this computer, another computer may request a network password. This is possible in two cases.
Local users with the same name (login)
Both computers have local users with the same name but different passwords.
Example. There are Comp1 and Comp2. Each of them has a user named User. But on Comp1 the user's password is 123, and on Comp2 his password is 456. When trying to log in to the network, the system will ask for a password.
Solution. Or remove matching user logins. Or for users with the same login, specify the same password. An empty password is also considered the same.
There are no local users on Windows 10
On Windows 10, you can log in and work with a Microsoft account if you have Internet access. At the same time, it is possible that when installing Windows 10, a local user was not created at all (the login was via a Microsoft account). In this case, Windows will also require a password when logging in via the local network.
Solution. Create a local user on your Windows 10 computer.
If there are old computers on your local network
If there are computers on your local network running older versions of Windows or Linux, then you may encounter a problem where Windows 10 does not “see” such computers.
The reason may be that in the latest versions of Windows 10, support for the SMB version 1 protocol has been disabled. How to enable support for SMB version 1 is written in the article Local network between Windows 10 and Windows XP.
Unshare a Windows 10 folder
On Windows 10, canceling sharing is not at all obvious (unlike Windows XP). On the "tab" Access"(folder properties) there is no option, as there was in Windows XP. It is useless to click the "Sharing" button; you cannot cancel sharing there.
Now, to cancel sharing, you need to go to the " Access"press button" Advanced setup":
And disable access there (uncheck the “Share this folder” option):
As they say, “guess three times.”
Share a Windows 10 folder through the command line
Everything can be done much faster if you use the command line (console, cmd.exe). There are only two teams:
net share lan=c:\lan
net share lan /delete
The first command shares the folder c:\lan and sets a network name for it lan.
The second command deletes the network (public) folder lan. Real folder c:\lan Of course it stays in place.
Share Windows 10 files using the Shared Folders snap-in
The Windows 10 management toolkit includes a special program (snap-in) for managing shared resources on your computer. It's called "Shared Folders" and you can run it with the command fsmgmt.msc(in the console or via Win + R):
Alternatively, this snap-in can be opened through the Start menu: “Control Panel - Administrative Tools - Computer Management - Shared Folders”.
Windows 10 Printer Sharing
Printer sharing is configured in the same way as for a folder. You need to open the “Devices and Printers” applet, find the desired printer there, open its properties and on the “Access” tab define the network access parameters.
Setting up a local network for other operating systems
If you live in Krasnodar and you need to set up a local network in Windows
Ivan Sukhov, 2017, 2019 .
If you found this article useful or simply liked it, then do not hesitate to financially support the author. This is easy to do by throwing money at Yandex Wallet No. 410011416229354. Or on the phone +7 918-16-26-331 .
Even a small amount can help write new articles :)
annotation
This article describes the procedures for enabling and disabling Server Message Block (SMB) version 1, SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on SMB client and server components.
Warning. It is not recommended to disable SMB version 2 or 3. Disabling SMB version 2 or 3 should only be used as a temporary troubleshooting measure. Do not leave SMB version 2 or 3 disabled.
On Windows 7 and Windows Server 2008 R2, disabling SMB version 2 will disable the following functionality:
- Request Combination, which allows multiple SMB 2 requests to be sent as a single network request.
- High volumes of read and write operations allowing optimal use of fast networks.
- Caching properties of files and folders in which clients save local copies of files and folders.
- Long-lasting handles that allow you to transparently reconnect to the server in the event of a temporary outage.
- Improved message signatures, where the HMAC SHA-256 hashing algorithm replaces MD5.
- Improved scaling for file sharing (significantly increased the number of users, shares, and open files per server).
- Support for symbolic links.
- A soft locking client lease model that limits the amount of data transferred between the client and server, improving the performance of high-latency networks and increasing SMB server scalability.
- Large MTU support for full use of 10 Gigabit Ethernet.
- Reduced power consumption—Clients that have files open to the server can be in sleep mode.
- Transparent failover where clients fail over to cluster nodes during maintenance or failure without disrupting service.
- Scaling - providing parallel access to shared data on all cluster nodes.
- Multichannel provides aggregation of network channel bandwidth and network fault tolerance in various channels available between the client and server.
- SMB Direct - Provides support for RDMA networks to provide very high performance, low latency and low CPU utilization.
- Encryption - provides end-to-end encryption of data and protects it from interception on untrusted networks.
- Directory rentals reduce application response times in branch offices through caching.
- Optimizing the performance of random reads and writes of small amounts of data.
Additional Information
How to enable and disable SMB protocols on an SMB server
Windows 8 and Windows Server 2012
Windows 8 and Windows Server 2012 introduce a new Windows PowerShell cmdlet, Set-SMBServerConfiguration. It allows you to enable or disable SMB protocol versions 1, 2, and 3 on the server.Notes. When you enable or disable SMB version 2 in Windows 8 or Windows Server 2012, you also enable or disable SMB version 3. This is due to the use of a common stack for these protocols.
After running the cmdlet
- To get the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-SmbServerConfiguration -EnableSMB2Protocol $false
Set-SmbServerConfiguration -EnableSMB1Protocol $true
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Windows 7, Windows Server 2008 R2, Windows Vista and Windows Server 2008
To enable or disable SMB protocols on an SMB server running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.Windows PowerShell 2.0 or later PowerShell
- To disable SMB version 1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Serv ices\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
- To disable SMB version 2 and 3 protocols on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Serv ices\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force
- To enable SMB version 1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Serv ices\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
- To enable SMB version 2 and 3 protocols on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Serv ices\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force
Registry Editor
Attention ! This article contains information about modifying the registry. It is recommended that you create a backup copy of the registry before making changes. and learn the procedure for restoring it in case a problem arises. For more information about backing up, restoring, and editing the registry, see the following Microsoft Knowledge Base article.To enable or disable SMB version 1 on an SMB server, configure the following registry key:Registry Subkey: Registry Entry: SMB1
REG_DWORD: 0 = disabled
REG_DWORD: 1 = enabled
Default: 1 = enabled
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\LanmanServer\Parameters Registry Entry: SMB2
REG_DWORD: 0 = disabled
REG_DWORD: 1 = enabled
Default: 1 = enabled
sc.exe config lanmanworkstation depend=bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
- To enable SMB version 1 on the SMB client, run the following commands:
sc.exe config mrxsmb10 start=auto
- To disable SMB version 2 and 3 protocols on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend=bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
- To enable SMB version 2 and 3 protocols on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend=bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start=auto
- These commands must be entered at an elevated command prompt.
- After making these changes, you must restart your computer.
In connection with the recent outbreak of the WannaCry ransomware, which exploits the SMB v1 vulnerability, advice on disabling this protocol has again appeared on the network. Moreover, Microsoft strongly recommended disabling the first version of SMB back in September 2016. But such a disconnection can lead to unexpected consequences, even funny things: I personally came across a company where, after fighting SMB, Sonos wireless speakers stopped playing.
Especially to minimize the likelihood of being “shot in the foot,” I want to remind you of the features of SMB and consider in detail the consequences of ill-considered disabling its older versions.
SMB(Server Message Block) is a network protocol for remote access to files and printers. This is what is used when connecting resources via \servername\sharename. The protocol initially worked on top of NetBIOS, using UDP ports 137, 138 and TCP 137, 139. With the release of Windows 2000, it began to work directly, using TCP port 445. SMB is also used to log into and work in an Active Directory domain.
In addition to remote access to resources, the protocol is also used for interprocessor communication through “named streams” - named pipes. The process is accessed along the path \.\pipe\name.
The first version of the protocol, also known as CIFS (Common Internet File System), was created back in the 1980s, but the second version appeared only with Windows Vista, in 2006. The third version of the protocol was released with Windows 8. The protocol was created in parallel with Microsoft and was updated in its open Samba implementation.
With each new version of the protocol, various improvements were added to increase performance, security, and support for new functions. But at the same time, support for old protocols remained for compatibility. Of course, there were and are quite a few vulnerabilities in older versions, one of which is exploited by WannaCry.
Under the spoiler you will find a summary table of changes in SMB versions.
| Version | operating system | Added compared to the previous version |
| SMB 2.0 | Windows Vista/2008 | The number of protocol commands has changed from 100+ to 19 |
| Possibility of “conveyor” work – sending additional requests before receiving a response to the previous one | ||
| Symbolic link support | ||
| Signing HMAC messages with SHA256 instead of MD5 | ||
| Increase in cache and write/read blocks | ||
| SMB 2.1 | Windows 7/2008R2 | Performance improvement |
| Larger MTU support | ||
| Support for the BranchCache service - a mechanism that caches requests to the global network on the local network | ||
| SMB 3.0 | Windows 8/2012 | Possibility to build a transparent failover cluster with load distribution |
| Support for direct memory access (RDMA) | ||
| Manage via Powershell cmdlets | ||
| VSS support | ||
| AES–CMAC signature | ||
| AES–CCM encryption | ||
| Ability to use network folders to store HyperV virtual machines | ||
| Ability to use network folders to store Microsoft SQL databases | ||
| SMB 3.02 | Windows 8.1/2012R2 | Security and performance improvements |
| Automatic balancing in a cluster | ||
| SMB 3.1.1 | Windows 10/2016 | AES–GCM encryption support |
| Integrity check before authentication using SHA512 hash | ||
| Mandatory secure “negotiations” when working with SMB 2.x clients and higher |
We consider conditionally victims
It’s quite easy to view the currently used protocol version; we use the cmdlet for this Get-SmbConnection:
Cmdlet output when network resources are open on servers running different versions of Windows.
The output shows that a client that supports all versions of the protocol uses the maximum possible version supported by the server to connect. Of course, if the client only supports the old version of the protocol, and it is disabled on the server, the connection will not be established. You can enable or disable support for older versions on modern Windows systems using the cmdlet Set–SmbServerConfiguration, and see the state like this:
Get–SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
Disable SMBv1 on a server running Windows 2012 R2.
Result when connecting with Windows 2003.
Thus, if you disable the old, vulnerable protocol, you can lose the functionality of the network with old clients. Moreover, in addition to Windows XP and 2003, SMB v1 is also used in a number of software and hardware solutions (for example, NAS on GNU\Linux using an old version of samba).
Below the spoiler, I will provide a list of manufacturers and products that will completely or partially stop working if SMB v1 is disabled.
| Manufacturer | Product | A comment |
| Barracuda | SSL VPN | |
| Web Security Gateway backups | ||
| Canon | Scan to a network resource | |
| Cisco | WSA/WSAv | |
| WAAS | Versions 5.0 and older | |
| F5 | RDP client gateway | |
| Microsoft Exchange Proxy | ||
| Forcepoint (Raytheon) | "Some Products" | |
| HPE | ArcSight Legacy Unified Connector | Old versions |
| IBM | NetServer | Version V7R2 and older |
| QRadar Vulnerability Manager | Versions 7.2.x and older | |
| Lexmark | Firmware eSF 2.x and eSF 3.x | |
| Linux Kernel | CIFS Client | From 2.5.42 to 3.5.x |
| McAfee | Web Gateway | |
| Microsoft | Windows | XP/2003 and older |
| MYOB | Accountants | |
| NetApp | ONTAP | Versions up to 9.1 |
| NetGear | ReadyNAS | |
| Oracle | Solaris | 11.3 and older |
| Pulse Secure | PCS | 8.1R9/8.2R4 and older |
| P.P.S. | 5.1R9/5.3R4 and older | |
| QNAP | All storage devices | Firmware older than 4.1 |
| RedHat | RHEL | Versions up to 7.2 |
| Ricoh | MFP, scanning to network resource | In addition to a number of models |
| RSA | Authentication Manager Server | |
| Samba | Samba | Over 3.5 |
| Sonos | Wireless speakers | |
| Sophos | Sophos UTM | |
| Sophos XG firewall | ||
| Sophos Web Appliance | ||
| SUSE | SLES | 11 and older |
| Synology | Diskstation Manager | Control only |
| Thomson Reuters | CS Professional Suite | |
| Tintri | Tintri OS, Tintri Global Center | |
| VMware | Vcenter | |
| ESXi | Older than 6.0 | |
| Worldox | GX3 DMS | |
| Xerox | MFP, scanning to network resource | Firmware without ConnectKey Firmware |
The list is taken from the Microsoft website, where it is regularly updated.
The list of products that use the old version of the protocol is quite large - before disabling SMB v1, you should definitely think about the consequences.
Still turning it off
If there are no programs and devices using SMB v1 on the network, then, of course, it is better to disable the old protocol. Moreover, if shutdown on a Windows 8/2012 SMB server is performed using the Powershell cmdlet, then for Windows 7/2008 you will need to edit the registry. This can also be done using Powershell:
Set–ItemProperty –Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 –Type DWORD –Value 0 –Force
Or in any other convenient way. However, a reboot will be required to apply the changes.
To disable SMB v1 support on the client, just stop the service responsible for its operation and fix the dependencies of the lanmanworkstation service. This can be done with the following commands:
sc.exe config lanmanworkstation depend=bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start=disabled
To conveniently disable the protocol throughout the network, it is convenient to use group policies, in particular Group Policy Preferences. Using them you can conveniently work with the registry.
Creating a registry element through group policies.
To disable the protocol on the server, just create the following parameter:
- value: 0.
path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters;
new parameter: REG_DWORD with the name SMB1;
Create a registry setting to disable SMB v1 on the server through group policies.
To disable SMB v1 support on clients, you will need to change the value of two parameters.
First, disable the SMB v1 protocol service:
- value: 4.
path: HKLM:\SYSTEM\CurrentControlSet\services\mrxsmb10;
parameter: REG_DWORD with the name Start;
We update one of the parameters.
Then we will correct the dependency of the LanmanWorkstation service so that it does not depend on SMB v1:
- value: three lines – Bowser, MRxSmb20 and NSI.
path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation;
parameter: REG_MULTI_SZ with name DependOnService;
And we replace it with another one.
After applying Group Policy, you must restart your organization's computers. After a reboot, SMB v1 will no longer be used.
It works - don't touch it
Oddly enough, this old commandment is not always useful - ransomware and Trojans can appear in rarely updated infrastructure. However, careless shutdown and update of services can paralyze the work of an organization just like viruses.
Tell me, have you already disabled the first version of SMB? Were there many casualties?
Recent large-scale virus attacks have spread using holes and shortcomings of the old SMB1 protocol. For one of the unimportant reasons, the Windows operating system still allows it to work by default. This older version of the protocol is used for sharing files on a local network. Its newer versions 2 and 3 are more secure and worth leaving enabled. So, as you are using the new operating system number 10 or the previous one - 8 or even the already outdated one - 7, you must disable this protocol on your PC.
It is only included because there are still some users using older applications that were not updated in time to work with SMB2 or SMB3. Microsoft has compiled a list of them. If necessary, find and view it on the Internet.
If you keep all your programs installed on your computer in good condition (updated on time), you most likely need to disable this protocol. This will increase the security of your operating system and confidential data one step further. By the way, even specialists from the corporation itself recommend turning it off, if necessary.
Are you ready to make changes? Then let's continue.
SMB1
Open Control Panel, go to “Programs” and select “Turn Windows features on/off”.
In the list, find the “Support for SMB 1.0/CIFS file sharing” option, uncheck it and click “OK”.
Reboot the operating system, after saving all your previously edited files, such as documents, etc.
FOR WINDOWS 7
Editing the system registry will help you here. It is a powerful system tool and if incorrect data is entered into it, it can lead to unstable operation of the OS. Use it with caution and be sure to create a backup for rollback before doing so.
Open the editor by pressing the Win + R key combination on your keyboard and typing “regedit” in the input field. Next, follow the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Create a new 32-bit DWORD value and name it “SMB1” with the value “0”. Reboot your system.
Attention! These methods work to disable the protocol only on one PC, but not on the entire network. Refer to the official Microsoft documentation for the information you are interested in.
