How to Detect and Disable SMBv1 on Windows Server (Audit First, by Component)
A security scan flags SMBv1 (SMB 1.0/CIFS) enabled, and you need to check for it and disable or remove it on Windows Server — without breaking a legacy device that still depends on it.
Why a single registry tweak isn’t the whole job: random scripts flip one value and call it done. But SMBv1 has separate server and client components, and you should audit who’s still using it before you pull it — or you’ll knock an old scanner/NAS/MFP offline. Here’s the supported, ordered approach.
Step 1: Check whether SMBv1 is even present
In admin PowerShell:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
Get-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolThe first shows the server protocol; the second shows whether the SMB 1.0/CIFS Windows feature is installed.
Step 2: Audit usage before disabling (don’t skip this)
Turn on auditing so you can see if anything still connects over SMBv1:
Set-SmbServerConfiguration -AuditSmb1Access $trueThen watch Event Viewer → Applications and Services Logs → Microsoft → Windows → SMBServer → Audit, Event ID 3000 — each entry names a client still using SMBv1. Let it run a few days. No events = safe to remove.
Step 3: Disable the SMBv1 server
Set-SmbServerConfiguration -EnableSMB1Protocol $falseNo reboot needed for the server side.
Step 4: Disable the SMBv1 client (the part people miss)
The client is a separate driver, mrxsmb10:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client(Or stop/disable the mrxsmb10 service and remove it from the LanmanWorkstation DependOnService list.) Then reboot.
Step 5: Remove the feature entirely (optional, cleanest)
Disable-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolReboot. SMB 1.0/CIFS is now gone, not just toggled off.
FAQ
Will modern devices still work? Yes — Windows, current NAS, and printers all speak SMB2/SMB3. Only genuinely ancient gear needs SMBv1, which the audit (Step 2) will reveal.
A device broke after I disabled it. That device only speaks SMBv1 — update its firmware or replace it. Don’t re-enable SMBv1 network-wide; if you truly must, do it only on the one machine that needs it, temporarily. Related: the Windows 11 24H2 SMB signing change is a different SMB hardening you may also hit.
Sources: Microsoft Learn — Detect, enable, and disable SMBv1, SMBv2, and SMBv3