SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

Applies to: Windows 10, version 1709Windows Server Datacenter CoreWindows Server Standard Core

Summary


In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. It was superseded by SMBv2 and later protocols starting in 2007. Microsoft publicly deprecated the SMBv1 protocol in 2014.

SMBv1 has the following behavior in Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3):

  • SMBv1 now has both client and server sub-features that can be uninstalled separately.
  • Windows 10 Enterprise and Windows 10 Education no longer contain the SMBv1 client or server by default after a clean installation.
  • Windows Server 2016 no longer contains the SMBv1 client or server by default after a clean installation.
  • Windows 10 Home and Windows 10 Professional no longer contain the SMBv1 server by default after a clean installation.
  • Windows 10 Home and Windows 10 Professional still contain the SMBv1 client by default after a clean installation. If the SMBv1 client is not used for 15 days in total (excluding the computer being turned off), it automatically uninstalls itself.
  • In-place upgrades and Insider flights of Windows 10 Home and Windows 10 Professional do not automatically remove SMB1 initially. If the SMBv1 client or server is not used for 15 days in total (excluding the time during which the computer is off), they each automatically uninstall themselves. 
  • In-place upgrades and Insider flights of Windows 10 Enterprise and Windows 10 Education do not automatically remove SMB1. An administrator must decide to uninstall SMB1 in these managed environments.
  • Automatic removal of SMB1 after 15 days is a one-time operation. If an administrator re-installs SMB1, no further attempts will be made to uninstall it.
  • The SMB version 2.02, 2.1, 3.0, 3.02, and 3.1.1 features are still fully supported and included by default as part of the SMBv2 binaries.
  • Because the Computer Browser service relies on SMBv1, the service is uninstalled if the SMBv1 client or server is uninstalled. This means that Explorer Network can no longer display Windows computers through the legacy NetBIOS datagram browsing method.
  • SMBv1 can still be reinstalled in all editions of Windows 10 and Windows Server 2016.

Note Windows 10, version 1803 (RS4) Professional handles SMB1 like Windows 10, version 1703 (RS2) and Windows 10, version 1607 (RS1). This issue will be fixed in next version of Windows (RS5). You can still uninstall SMB1 manually. However, Windows will not automatically uninstall SMB1 after 15 days in the following scenarios:

  • You clean install Windows 10, version 1803.

  • You upgrade Windows 10, version 1607 or Windows 10, version 1703 to Windows 10, version 1803 directly without upgrading to Windows 10, version 1709 first.

If you try to connect to devices that support only SMBv1, or if these devices try to connect to you, you may receive one of the following errors messages:


The following events appear when a remote server required an SMB1 connection from this client, but SMB1 is uninstalled or disabled on the client.


These devices are not likely running Windows. They are more likely running older versions of Linux, Samba, or other types of third-party software to provide SMB services. Often, these versions of Linux and Samba are, themselves, no longer supported.

Note Windows 10 version 1709 is also known as Fall Creators Update.

More Information


To work around this issue, contact the manufacturer of the product that supports only SMBv1, and request a software or firmware update that support SMBv2.02 or a later version. For a current list of known vendors and their SMBv1 requirements, see the following Windows and Windows Server Storage Engineering Team Blog article:

SMBv1 Product Clearinghouse

Leasing mode

If SMBv1 is required to provide application compatibility for legacy software behavior, such as a requirement to disable oplocks, Windows provides a new SMB share flag that's known as Leasing modeThis flag specifies whether a share disables modern SMB semantics such as leases and oplocks.

You can specify a share without using oplocks or leasing to allow a legacy application to work with SMBv2 or a later version. To do this, use the New-SmbShare or Set-SmbShare PowerShell cmdlets together with the -LeasingMode None parameter.

Note You should use this option only on shares that are required by a third-party application for legacy support if the vendor states that it is required. Do not specify Leasing mode on user data shares or CA shares that are used by Scale-Out File Servers. This is because the removal of oplocks and leases causes instability and data corruption in most applications. Leasing mode works only in Share mode. It can be used by any client operating system.

Explorer Network Browsing

The Computer Browser service relies on the SMBv1 protocol to populate the Windows Explorer Network node (also known as "Network Neighborhood"). This legacy protocol is long deprecated, doesn't route, and has limited security. Because the service cannot function without SMBv1, it is removed at the same time.

However, if you still have to use the Explorer Network in home and small business workgroup environments to locate Windows-based computers, you can follow these steps on your Windows-based computers that no longer use SMBv1:

  1. Start the "Function Discovery Provider Host" and "Function Discovery Resource Publication" services, and then set them to Automatic (Delayed Start).
  2. When you open Explorer Network, enable network discovery when you are prompted.

All Windows devices within that subnet that have these settings will now appear in Network for browsing. This uses the WS-DISCOVERY protocol. Contact your other vendors and manufacturers if their devices still don't appear in this browse list after the Windows devices appear. It is possible they have this protocol disabled or that they support only SMBv1.

Note We recommend that you map drives and printers instead of enabling this feature, which still requires searching and browsing for their devices. Mapped resources are easier to locate, require less training, and are safer to use. This is especially true if these resources are provided automatically through Group Policy. An administrator can configure printers for location by methods other than the legacy Computer Browser service by using IP addresses, Active Directory Domain Services (AD DS), Bonjour, mDNS, uPnP, and so on.

If you cannot use any of these workarounds, or if the application manufacturer cannot provide supported versions of SMB, you can re-enable SMBv1 manually by following the steps in KB 2696547.

Important We strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.

References