Configure SMB v1 client driver

Information

Configures the SMB v1 client driver's start type.

To disable client-side processing of the SMBv1 protocol select the 'Enabled' radio button then select 'Disable driver' from the dropdown.

WARNING: DO NOT SELECT THE 'DISABLED' RADIO BUTTON UNDER ANY CIRCUMSTANCES!For Windows 7 and Servers 2008 2008R2 and 2012 you must also configure the 'Configure SMB v1 client (extra setting needed for pre-Win8.1/2012R2)' setting.

To restore default SMBv1 client-side behavior select 'Enabled' and choose the correct default from the dropdown:* 'Manual start' for Windows 7 and Windows Servers 2008 2008R2 and 2012;* 'Automatic start' for Windows 8.1 and Windows Server 2012R2 and newer.

Changes to this setting require a reboot to take effect.

For more information see https://support.microsoft.com/kb/2696547

Solution

Policy Path: MS Security Guide
Policy Setting Name: Configure SMB v1 client driver

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: e8fedca7025e8251d2d00367ba263e412d60a8a6b2a053ba9c06139c81982f0c