The Deprecation of SMB1 – You should be planning to get rid of this old SMB dialect
I regularly get a question about when will SMB1 be completely removed from Windows. This blog post summarizes the current state of this old SMB dialect in Windows client and server.
1) SMB1 is deprecated, but not yet removed
We already added SMB1 to the Windows Server 2012 R2 deprecation list in June 2013. That does not mean it’s fully removed, but that the feature is “planned for potential removal in subsequent releases”. You can find the Windows Server 2012 R2 deprecation list at https://technet.microsoft.com/en-us/library/dn303411.aspx.
2) Windows Server 2003 is going away
The last supported Windows operating system that can only negotiate SMB1 is Windows Server 2003. All other currently supported Windows operating systems (client and server) are able to negotiate SMB2 or higher. Windows Server 2003 support will end on July 14 of this year, as you probably heard.
3) SMB versions in current releases of Windows and Windows Server
Aside from Windows Server 2003, all other versions of Windows (client and server) support newer versions of SMB:
- Windows Server 2008 or Windows Vista – SMB1 or SMB2
- Windows Server 2008 R2 or Windows 7 – SMB1 or SMB2
- Windows Server 2012 and Windows 8 – SMB1, SMB2 or SMB3
- Windows Server 2012 R2 and Windows 8.1 – SMB1, SMB2 or SMB3
For details on specific dialects and how they are negotiated, see this blog post on SMB dialects and Windows versions.
4) SMB1 removal in Windows Server 2012 R2 and Windows 8.1
In Windows Server 2012 R2 and Windows 8.1, we made SMB1 an optional component that can be completely removed. That optional component is enabled by default, but a system administrator now has the option to completely disable it. For more details, see this blog post on how to completely remove SMB1 in Windows Server 2012 R2.
5) SMB1 removal in Windows 10 Technical Preview and Windows Server Technical Preview
SMB1 will continue to be an optional component enabled by default with Windows 10, which is scheduled to be released in 2015. The next version of Windows Server, which is expected in 2016, will also likely continue to have SMB as an optional component enabled by default. In that release we will add an option to audit SMB1 usage, so IT Administrators can assess if they can disable SMB1 on their own.
6) What you should be doing about SMB1
If you are a systems administrator and you manage IT infrastructure that relies on SMB1, you should prepare to remove SMB1. Once Windows Server 2003 is gone, the main concern will be third party software or hardware like printers, scanners, NAS devices and WAN accelerators. You should make sure that any new software and hardware that requires the SMB protocol is able to negotiate newer versions (at least SMB2, preferably SMB3). For existing devices and software that only support SMB1, you should contact the manufacturer for updates to support the newer dialects.
If you are a software or hardware manufacturer that has a dependency on the SMB1 protocol, you should have a clear plan for removing any such dependencies. Your hardware or software should be ready to operate in an environment where Windows clients and servers only support SMB2 or SMB3. While it’s true that today SMB1 still works in most environments, the fact that the feature is deprecated is a warning that it could go away at any time.
7) Complete removal of SMB1
Since SMB1 is a deprecated component, we will assess for its complete removal with every new release.
Comments
- Anonymous
January 01, 2003
Maybe the auditing should be back ported to 2008? As a Citrix admin we have lots of services/apps/clients that require SMB1 for ______________ reason. But we don't have the ability to determine who/where/why... Auditing would enable us to hunt them down and apply pressure. - Anonymous
April 21, 2015
Thanks for such an awesome and informative blog, Jose. - Anonymous
April 21, 2015
As long as Windows XP is in use, complete SMB v1 removal will be a huge mistake. It will only lead to lower adoption of the Windows release which does that. Already Windows is struggling to make every release a success. Forget about removing it for the foreseeable future. - Anonymous
September 23, 2016
Please bring auditing at least to 2012 R2. Is there already a feature for this? - Anonymous
June 28, 2017
Buenas tardes.... es necesario deshabilitar SMB1 en Windows Server 2003? - Anonymous
July 03, 2017
As an IT services provider we are getting more and more queries about SMB 1 and when it will be deactivated. Is there any update on this question?