Configure SMB v1 client driver

Information

Configures the SMB v1 client driver's start type.
To disable client-side processing of the SMBv1 protocol, select the 'Enabled' radio button, then select 'Disable driver' from the dropdown.
WARNING: DO NOT SELECT THE 'DISABLED' RADIO BUTTON UNDER ANY CIRCUMSTANCES!
For Windows 7 and Servers 2008, 2008R2, and 2012, you must also configure the 'Configure SMB v1 client (extra setting needed for pre-Win8.1/2012R2)' setting.
To restore default SMBv1 client-side behavior, select 'Enabled' and choose the correct default from the dropdown:
* 'Manual start' for Windows 7 and Windows Servers 2008, 2008R2, and 2012;
* 'Automatic start' for Windows 8.1 and Windows Server 2012R2 and newer.
Changes to this setting require a reboot to take effect.
For more information, see https://support.microsoft.com/kb/2696547

Solution

Policy Path: MS Security Guide
Policy Setting Name: Configure SMB v1 client driver

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: ec55162cb1ff4315eb030291c2ea68dbdf354ae7a2d8eef9b9d33daec04df02a