Share via

Impact when disabling SMBv2/v3 for all Windows Server 2016 OS and above?

EnterpriseArchitect 6,386 Reputation points
2023-07-14T06:45:18.99+00:00

People,

I need clarification on whether SMB v1 and v2 are still required and turned on by default in Windows Server 2016, 2019 and 2022.

My concern is that deploying the following GPO on all Windows servers in our AD domain will cause problems since the Windows workstation OS (10 and 11) may use this feature to access the file shares.

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#disable-smbv1-by-using-group-policy

It appears that SMBv1 can be disabled using the Group Policy Preference registry method, but it is not possible to disable SMBv2 without affecting SMBv3, which could result in issues accessing file shares.

Do we still need to implement the Group Policy mentioned above even if we consistently update our Windows Servers?

I would greatly appreciate any assistance and guidance you can provide.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 45,231 Reputation points
    2023-07-17T13:46:23.92+00:00

    Hello EnterpriseArchitect,

    Thank you for your question and for reaching out with your question today.

    As of my knowledge cutoff in September 2021, here is the information regarding SMB versions in Windows Server 2016, 2019, and 2022:

    Windows Server 2016:

    • SMBv1: Enabled by default but deprecated. It is recommended to disable SMBv1 due to security concerns.
    • SMBv2 and SMBv3: Both enabled by default. SMBv2 and SMBv3 are more secure and have improved performance compared to SMBv1.

    Windows Server 2019 and 2022:

    • SMBv1: Not installed by default but can be installed as an optional feature. It is recommended to keep it disabled unless there are specific legacy applications or devices that require it.
    • SMBv2 and SMBv3: Both enabled by default. SMBv2 and SMBv3 are the preferred and more secure versions of SMB.

    Regarding your concern about the GPO to disable SMBv1 and its impact on Windows workstations accessing file shares, it is important to consider the following:

    1. Compatibility: Most modern Windows workstations (Windows 10 and 11) should be compatible with SMBv2 and SMBv3 and should not rely on SMBv1 for file sharing. However, it is recommended to verify that all your workstations support and are configured to use SMBv2 or SMBv3 before disabling SMBv1.
    2. Legacy Applications or Devices: Some legacy applications or devices may still rely on SMBv1 for file sharing. If you have any such applications or devices, you may need to assess their compatibility with SMBv2 or SMBv3 and make any necessary configuration changes or updates before disabling SMBv1.

    It is generally recommended to disable SMBv1 due to security concerns, as it has known vulnerabilities. However, before implementing the Group Policy to disable SMBv1, it is essential to thoroughly test the impact on your environment, including checking the compatibility of your workstations and ensuring that any legacy applications or devices are adequately addressed.

    It's also important to stay updated with the latest security patches and recommendations from Microsoft. As operating systems and technologies evolve, the guidance and best practices around SMB versions may change. Therefore, it is advisable to consult the official Microsoft documentation, product documentation, or seek guidance from Microsoft support or a qualified IT professional to ensure you have the most up-to-date information and make informed decisions for your specific environment.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    Best regards.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.