Skip to main content

Disable insecure "SMBv1" protocol

Apply Now
Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.
  • Windows onlyThis script improves your privacy on Windows
  • Single actionThis page belongs to a script, containing basic changes to achieve a task.
  • Impact: Minimum

    System Functionality / Data Loss Risk: Low

    This action improves privacy with minimal impact when you run the recommended script.

  • Batch (batchfile)These changes use Windows system commands to update your settings.
  • Administrator rights requiredThis script requires privilege access to do the system changes
  • Fully reversible

    You can fully restore this action (revert back to the original behavior) using this website.

    The restore/revert methods provided here can help you fix issues.

Overview

This script improves network security by disabling the outdated SMBv1 protocol.

SMBv1, or Server Message Block version 1, is an outdated network protocol developed for file and printer sharing across networks 1 2. This protocol is well-known for its vulnerabilities to cyber attacks 1 2 3 4 5. Microsoft deprecated SMBv1 in 2014 6 7. Since 2007, newer and more secure versions of this protocol have replaced SMBv1 in modern versions of Windows 6. It is still enabled by default in older Windows versions 1. Microsoft advises disabling this protocol to strengthen security 1 8. SMB1 is not necessary for most users, as Microsoft ensures vendor support for at least SMB 2.0 2.

The primary reasons for disabling SMBv1 include:

  • It uses the outdated MD5 hash algorithm, vulnerable to security attacks 3.
  • It fails to meet modern security standards set by FIPS 3, CISA (US-CERT) 5, CIS (Department of Defense) 3, and Microsoft Security Baseline 8.
  • It lacks the efficiency and performance improvements present in newer versions of the protocol 2.
  • It is vulnerable to various cyber threats 1 2 3 4 5, , including ransomware and malware 1 2.

Disabling SMBv1 may lead to compatibility issues with older network devices and software 1 3 6 9. This may affect file sharing and print services on systems like Windows Server 2003 3 and some older Network Attached Storage (NAS) devices 3. These systems are insecure and are no longer supported.

This script makes the following changes to your system:

  • Removal of SMBv1 components:
  • SMB1Protocol 2 3 4 10 (also known as FS-SMB1 2 11)
  • SMB1Protocol-Client 10
  • SMB1Protocol-Server 10.
  • Disabling the mrxsmb10 (SMB 1.x MiniRedirector 12) driver, linked with SMBv1 1 4 13, and adjusting related settings to keep older systems stable 1 4 13.
  • Disabling server side processing of SMBv1 protocol using HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters!SMBv1 registry key 1 14 15.

These changes require a system reboot to take effect 1 4 9.

Caution

This may cause compatibility issues with older devices or software.

Overview of default feature statuses

SMB1Protocol:

Feature nameSMB1Protocol
Display nameSMB 1.0/CIFS File Sharing Support
DescriptionSupport for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
Default (Windows 11 ≥ 23H2)🔴 Disabled
Default (Windows 10 ≥ 22H2)🔴 Disabled

SMB1Protocol-Client:

Feature nameSMB1Protocol-Client
Display nameSMB 1.0/CIFS Client
DescriptionSupport for the SMB 1.0/CIFS client for accessing legacy servers.
Default (Windows 11 ≥ 23H2)🔴 Disabled
Default (Windows 10 ≥ 22H2)🔴 Disabled

SMB1Protocol-Server:

Feature nameSMB1Protocol-Server
Display nameSMB 1.0/CIFS Server
DescriptionSupport for the SMB 1.0/CIFS file server for sharing data with legacy clients and browsing the network neighborhood.
Default (Windows 11 ≥ 23H2)🔴 Disabled
Default (Windows 10 ≥ 22H2)🔴 Disabled

Overview of default service statuses

SMB 1.x MiniRedirector (mrxsmb10):

OS VersionStatusStart type
Windows 11 (≥ 23H2)🟡 MissingN/A
Windows 10 (≥ 22H2)🟡 MissingN/A
Safe for General Use
All actions in this script is recommended for all users. This is recommended for all users to improve without any noticeable impact on the system functionality.
Sources
PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly
  • No app needed
  • Offline usage
  • Easy-to-apply
  • Free
  • Open-source
Help

How to apply or restore "Disable insecure "SMBv1" protocol" using script

  • ≈ 2 min to complete
  • Tools: Web Browser
  • Difficulty: Simple
  • ≈ 5 instructions
  1. 1

    Download

    Download the script file by clicking on the   Apply protection  button above.
    Use   Undo protection button above to restore changes.
  2. 2

    Keep the file

    If warned by your browser, keep the file.
  3. 3

    Open

    Open the downloaded file.
  4. 4

    Exit

    Once it's done, press any key to exit the window.
  5. 5

    Restart

    Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks
  • Recommended for most users
  • Includes safety checks
  • Free
  • Open-source
  • Popular
  • Offline/Online usage
Open privacy.sexy
Help

How to apply or restore "Disable insecure "SMBv1" protocol" using privacy.sexy

  • ≈ 3 min to complete
  • Tools: privacy.sexy
  • Difficulty: Simple
  • ≈ 4 instructions
privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.
  1. 1

    Open or download

    Open or download the desktop application
  2. 2

    Choose script

    1. Search for the script name: Disable insecure "SMBv1" protocol
    2. Check the script by clicking on the checkbox.
  3. 3

    Run

    Click on ▶️ Run button at the bottom of the page.

    This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge
Apply changes
:: Disable the "SMB1Protocol" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable the "SMB1Protocol-Client" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol-Client'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable the "SMB1Protocol-Server" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol-Server'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable service(s): `mrxsmb10`
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'mrxsmb10'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters!SMBv1"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' /v 'SMBv1' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
Help

How to apply or restore "Disable insecure "SMBv1" protocol" using commands

  • ≈ 2 min to complete
  • Tools: Command Prompt
  • Difficulty: Medium
  • ≈ 3 instructions
 View step-by-step guide with screenshots
  1. 1

    Open Command Prompt

    Open Command Prompt as Administrator.
  2. 2

    Copy code

    Copy the code:
    Copy Apply Code Copy Revert Code
  3. 3

    Paste & run

    Paste the commands into Command Prompt and press Enter to run.

    Some changes require a system restart to take effect

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.

See other more general settings that includes this one as one of its actions.

These plans combine multiple privacy settings, including this one, for stronger protection.

This category focuses on enhancing user privacy by disabling legacy and insecure communication protocols. It targets protocols that expose users to security vulner...
Visit category page

Same Goal

Other guides in Disable insecure protocols 

See settings that are in the same category as this guide.

Using other actions in the same category may help you achieve your goal better.

See all 7 guides

About the Creators

These people have authored this documentation and written its scripts:

  • Avatar of undergroundwires. The creator of PrivacyLearn and privacy.sexy. Black and white portrait showing a person wearing a polka dot tie and suit jacket, reflecting the professional expertise behind the privacy protection tools.
    • Certified security professional
    • 7+ years experience securing banks
    • Open-source developer since 2005
    • EU advisor, Public Speaker, Moderator
    • Hundreds across the globe
    • Testers, reviewers, developers
    • Companies, military agencies
    • Community since 2017
About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

  • Expert review by undergroundwires

    • Verified technical accuracy and editorial standards
    • Assessed system impact and user privacy risks

  • Public review by large community

    • Privacy enthusiasts and professionals peer-reviewed
    • Millions of end-users tested across different environments

History

We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process