For years, Microsoft has been recommending that you disable the vulnerable SMBv1 protocol. The recent WannaCry ransomware outbreak underscores the need to take this important step. Here’s how.
The recent WannaCry ransomware outbreak spread because of a vulnerability in one of the Internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1).
Your PCs that run Windows 10 were protected from that exploit, but that doesn’t mean you’ll be so lucky the next time.
In the interests of implementing a comprehensive, multi-layer security policy, Microsoft recommends that you disable the SMBv1 protocol completely. The world has already moved on to SMBv3, and there’s no excuse for continuing to let that old and horribly insecure protocol continue running on your network.
To permanently remove SMBv1 support from Windows 10, use either of these two approaches.
Open Control Panel > Programs, and then click Turn Windows features on or off (under the Programs heading). Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That’s it; you’re protected.
As an alternative, open a Windows PowerShell prompt with administrative privileges. In the Windows 10 Creators Update, version 1703, right-click the Start button and choose Windows PowerShell (Admin) from the Quick Link menu.) If you’re running an earlier Windows 10 version, enter Windows PowerShell in the search box, then right-click the Windows PowerShell shortcut and click Run as administrator.
From that elevated PowerShell prompt, type the following command:
Press Enter and you’re done.
Disabling SMBv1 shouldn’t have any effect on modern hardware. Some consumer-grade network attached storage devices use this protocol by default, but a firmware update or a change in settings might allow you to change it to something more secure.
If you discover that you have an older network device that won’t work without this feature, use Control Panel to turn the feature back on, but only long enough to buy and install a replacement for that device.