Manage SMB dialects in Windows (preview)
Applies to: Windows and Windows Server Insider Builds
Important
Windows Insider and Windows Server Insider builds are in PREVIEW. This information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Administrators have the ability to manage SMB2 and SMB3 dialects in Windows Server and Windows client. In this article, learn how to configure a minimum and maximum SMB dialect for the SMB server and client using Group Policy and Windows PowerShell.
By default SMB Server and client automatically negotiates the highest matched dialect from SMB 2.0.2 to 3.1.1. Beginning with Windows 11 Insider Preview Build 25951 and Windows Server Preview Build 25951, you can specify the SMB protocols used, blocking older, less secure, versions from connecting to the server. For example, you can specify connection to only use SMB 3.1.1, the most secure dialect of the protocol.
Prerequisites
Before you can configure SMB dialects you need:
- An SMB server running on one of the following operating systems.
- Windows Server Insiders build 25951 or later.
- Windows 11 Insiders build 25951 or later.
- Administrative privileges to the computer.
- If you're using Group Policy on a domain, you need privileges to create or edit a Group Policy object (GPO) and link it to the appropriate organizational unit (OU).
Configure maximum and minimum SMB dialects
You can configure the dialects available for negotiation using Group Policy or PowerShell. The minimum and maximum dialects can be set independently for the SMB server and client. Alternately, you can choose not to set a maximum. For example, you can set a minimum of 3.1.1 which effectively sets the maximum to 3.1.1.
SMB server
You can configure the dialects available to your SMB server (that is, for inbound connections), by following these steps:
Here's how to configure the minimum and maximum SMB dialects for the SMB server using PowerShell using the Set-SmbServerConfiguration cmdlet:
From an elevated PowerShell prompt, run the following commands:
Set-SmbServerConfiguration -Smb2DialectMax {SMB202 | SMB210 |
SMB300 | SMB302 | SMB311 | None} -Smb2DialectMin {None | SMB202 | SMB210 | SMB300 | SMB302 | SMB311}
For example, to set the minimum dialect to SMB 3.0.0 and maximum dialects to SMB 3.1.1, run the following command:
Set-SmbServerConfiguration -Smb2DialectMax SMB311 -Smb2DialectMin SMB300
SMB client
You can configure the dialects available to your SMB client (that is, for outbound connections), by following these steps:
Here's how to configure the minimum and maximum SMB dialects for the SMB client using PowerShell using the Set-SmbClientConfiguration cmdlet:
From an elevated PowerShell prompt, run the following commands:
Set-SmbClientConfiguration -Smb2DialectMax {SMB202 | SMB210 |
SMB300 | SMB302 | SMB311 | None} -Smb2DialectMin {None | SMB202 | SMB210 | SMB300 | SMB302 | SMB311}
For example, to set the minimum and maximum dialects to SMB 3.1.1, run the following command:
Set-SmbClientConfiguration -Smb2DialectMax SMB311 -Smb2DialectMin SMB311
Verify dialect negotiation
You can use a network capture tool like Wireshark to examine the client and server responses during negotiation of the SMB protocol. In the following example, the client requests SMB 3.1.1 only because it's configured with a minimum and maximum dialect of 3.1.1:
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for