We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.

In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:

• Request compounding - allows for sending multiple SMB 2 requests as a single network request
• Larger reads and writes - better use of faster networks
• Caching of folder and file properties - clients keep local copies of folders and files
• Durable handles - allow for connection to transparently reconnect to the server if there is a temporary disconnection
• Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
• Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
• Support for symbolic links
• Client oplock leasing model - limits the data transferred between the client and server, improving performance on high-latency networks and increasing SMB server scalability
• Large MTU support - for full use of 10-gigabye (GB) Ethernet
• Improved energy efficiency - clients that have open files to a server can sleep

In Windows 8 and Windows Server 2012, disabling SMBv3 deactivates the following functionality (and also the SMBv2 functionality that is described in the previous list):

• Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
• Scale Out – concurrent access to shared data on all file cluster nodes
• Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
• SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization
• Encryption – Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
• Directory Leasing - Improves application response times in branch offices through caching
• Performance Optimizations - optimizations for small random read/write I/O

The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008. The SMBv3 protocol was introduced in Windows 8 and Windows Server 2012.

Enable or disable SMB protocols on the SMB server (side)

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

NOTE: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

To obtain the current state of the SMB server protocol configuration, run the following cmdlet:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB2Protocol $false

To enable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB2Protocol $true

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

REQUIREMENT: Windows PowerShell 2.0 or a later version of PowerShell.

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

To enable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force

NOTE: You must restart the computer after you make these changes.

Registry Editor

Important: this article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs.

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

To enable or disable SMBv2 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

Enable or disable SMB protocols on the SMB client (side)

When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

To enable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi 
sc.exe config mrxsmb10 start= auto

To disable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi 
sc.exe config mrxsmb20 start= disabled

To enable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi 
sc.exe config mrxsmb20 start= auto

NOTE: You must run these commands at an elevated command prompt and you must restart the computer after you make these changes.