In the Fall Creator’s update, one item that flew under many people’s attention was that Samba v1 was disabled, so that Windows 10 won’t map SMB network drives using that version of the protocol.

We had tested build 1709 of Windows 10, aka “Fall’s Creator Update”, and everything seemed good to go. In fact, 1703 was beginning to cause us more than a couple of issues. However, what we had not counted on was that a fresh install would behave differently than an upgrade, and that difference would be intentional.

Granted, Samba 1 needs to retire. Having said that, many enterprise sites cannot move all that quickly. In addition, the security risk of SMB1 is actually quite small, as it requires several things to align at once in order to hack into it. For all of these reasons, many places probably are not yet in a position for moving totally to SMB2. While a nice proactive approach, Microsoft seems a bit premature to totally disable SMB1 on a fresh Windows install. You be the judge, though, as it is outlined in “SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709“.

The workaround is a straight-forward enough PowerShell command. It can be applied manually or during the image deployment process. It is outlined in Microsoft’s article “How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server“.

TLDR:

Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>