Shared folders, network computers, flash drives, drives are not displayed on the "Network" tab of Windows Explorer. Disable SMB1 to protect your Windows computer from attacks Connecting via smb protocol windows 10
Hey! For those who are not in the subject, I will start from afar. On computers and laptops installed Windows there is a separate "Network" tab in the explorer. This tab displays devices from Network Neighborhood. That is, by opening the "Network" tab, we can observe computers, network storage (NAS), multimedia devices (DLNA), flash drives and external drives that are connected to the router and are set to be shared. Simply put, those devices that are connected through one router (are on the same network) and that have network discovery enabled (devices that can be found in local network) . Our router can also be displayed there. (section "Network infrastructure") and other devices.
Now I will explain what and how, and why I decided to write this article at all. I have an ASUS router that I connected to USB flash drive, and set up shared access to this flash drive for all devices on the network. And what do you think, this network drive appeared in the "Network" section on all computers (it shows up as "Computer"), but it didn't show up on my computer. That is, my computer did not see a USB flash drive connected to the router, nor other computers on this network. But the DLNA server was displayed running on the same router. But that doesn't change anything, since I need a regular network access to the drive.
Also, I could not access the flash drive when I typed its address //192.168.1.1 in the explorer. Immediately this address opened through the browser. And I was unable to mount this drive as network drive. It simply was not in the list of available devices in network environment.
Such a problem when Windows 7, Windows 8, or Windows 10 does not see network devices is not uncommon. It doesn't have to be a flash drive, or external HDD, which you connected to your router, as in my case. Most often, they set up sharing between computers on a local network. And in the same way they face the problem when the computers are connected to the same network (to one router), settings public access are set correctly, but the "Network" tab is empty. Or, only the router and your computer are displayed.
Since there can be many reasons and, accordingly, solutions, I will probably start with the simplest ones. (which did not help me) and at the end of this article I will share the solution that helped in my case. As a result, my laptop still saw all the devices on the network. Including a network drive and another computer that is also connected to this network.
But this does not mean that you have the same case. Therefore, I advise you to check all the settings in order.
Checking sharing settings
We will consider two cases:
- When computers do not see each other on the local network.
- Shared access to the network drive. We can have a flash drive, or HDD which is connected to the router, or a separate drive (aka NAS).
First case
For computers to see each other and appear in File Explorer under Network, they must be connected through the same router. Or connected directly (cable or Wi-Fi). Simply put, they must be on the same local network.
Further, on all computers (I don't know how many there are), it is desirable to assign the network status "Home" (private). How to do this in Windows 10, I wrote in the article. In Windows 7, just go to the "Network and Sharing Center" and change the status there current connection.
If after that the computer still does not detect other computers (or vice versa), then let's check the sharing settings.
To do this, in the "Network and Sharing Center" window (if you do not know how to open it in Windows 10, then see the article), click on the "Change advanced sharing settings" item.
And for the current profile (usually it is "Private"), set the parameters as in the screenshot below.
Doing it on all computers in the local network.
Articles on this topic:
As a rule, these tips solve all problems with discovering computers on the local network.
Second case
When you have problems accessing your NAS. As in my case. Windows 10 did not see USB stick, which was connected to the ASUS router. Now many routers have a USB port for connecting drives and other devices, so the topic is relevant.
You need to make sure that this drive is defined in the router settings, and sharing is enabled. It is clear that on different routers, this is done in different ways. On the ASUS routers for example, it looks like this:
Related articles:
Do not confuse sharing settings with FTP settings. The FTP server settings on the router have nothing to do with it in this case.
Well, if other devices see the NAS and have access to it, but there is no access to it on a particular computer, then the problem is not on the side of the router. Go through the settings of the "problem" PC in this article.
Antivirus or firewall may be blocking network devices
If your antivirus, or firewall (firewall), which is installed on your computer, did not like something, then it can easily make it so that neither you can see other devices in the network environment, nor can anyone detect you.
True, after disabling the firewall built into the antivirus, the problem was not solved for me. (so it probably isn't the problem), but everything seems to me exactly that in my case it was not without the participation of the antivirus.
Therefore, try to stop the antivirus completely for a while, or at least disable the firewall built into it. (firewall). In NOD 32, this is done like this:
You need to do this to check on all computers that will participate in the local network.
It is possible that you have some other programs installed that can monitor the network and manage network connections.
If it turns out that the problem is in the antivirus, then you need to add your network to the exceptions. Prevent the firewall from blocking the network itself, or network devices.
If you do not have an antivirus, then you can experiment with disabling / enabling the firewall built into Windows.
Working group
The workgroup must be the same on all devices. As a rule, it is. But it's good to check. To do this, open the properties of the computer "System" and go to "Advanced system settings".
It will say "Working Group". To change it, you need to click on the "Edit" button.
Once again: the workgroup name must be the same on all computers.
If you have a problem accessing your NAS (to a flash drive through a router), then in the sharing settings on the same ASUS router, it is also indicated working group. You can see the screenshot above in the article. It should be the same as on the computer.
Problem with accessing a shared network folder via SMB1 in Windows 10 (my solution)
Let's get back to my problem. Everything that I described above, I checked and rechecked already 10 times. I did it a couple of times, but Windows 10 never saw other computers on the network, and most importantly, the shared folder in the form of a flash drive connected to the router did not appear in the explorer. And on other devices on the network, everything was determined without problems. Including my laptop.
Somewhere I read that you can try to open the shared folder through the "Run" window. Pressed the key combination Win + R, entered the address of the network folder //192.168.1.1 (aka router address).
I did not get access to the drive, but an interesting error appeared:
You cannot connect to the shared folder because it is not secure. This shared folder uses the legacy SMB1 protocol, which is insecure and can expose your system to attack.
Your system needs to use SMB2 or later.
This is already interesting. At least something.
SMB (Server Message Block) - network protocol, which is responsible for sharing files, printers, and other network devices.
Began to search. And it turns out that Windows 10 abandoned the SMB1 protocol. Because of security. And the Samba software package installed on my router seems to work using the SMB1 protocol. Therefore, Windows 10 does not see it. But other computers that also work on Windows 10 also did not appear on the "Network" tab for me.
Since I could not update the protocol to SMB2 in the router settings, I decided that I needed to somehow enable SMB1 support in Windows 10. And as it turned out, this can be done without any problems. As a result, after connecting the "SMB 1.0/CIFS Client" component, everything worked for me. The system saw shared folders on computers on the network and a network folder configured on the router itself.
How to enable SMB1 in Windows 10?
Through the search, find and open the old "Control Panel".
Switch to "Small Icons" and open "Programs and Features".
Open "Turn on or off Windows components". We find the item "Support for file sharing SMB 1.0 / CIFS". Open it and check the box next to "SMB 1.0 / CIFS client". Click Ok.
If the computer prompts you to restart, then restart it. If there is no prompt window, then reboot manually.
After the reboot, on the "Network" - "Computer" tab, all available devices on your network should appear.
I would be glad if this article is useful to someone and helps to solve the problem. Do not forget to write in the comments about the results. Or ask a question, where without them 🙂
This fall, Microsoft plans to completely disable the SMBv1 protocol in Windows 10.
The first version of the SMB network protocol was developed by Microsoft a couple of decades ago. The company clearly understands that the days of this technology are numbered long ago.
However, this change will only affect new Windows installation 10. If you just upgrade to Windows 10 Fall Creators Update, the protocol will still remain on the system.
In Windows 10 Insider Preview build 16226, SMBv1 is already completely disabled. The Home and Pro editions removed the server component by default, but the SMB1 client still remains on the system. This means that you can connect to devices using SMB1, but no one will be able to connect to your machine using it. V Enterprise editions and Education SMB1 is completely disabled.
Ned Pyle of Microsoft explained that the main reason for this decision increased security level:
“This is the main, but not the only reason. The old protocol has been replaced by the more functional SMB2, which provides more features. Version 2.02 comes with Windows Server 2008 and is the minimum recommended version of SMB. For maximum security and functionality, you should use SMB version 3.1.1. SMB 1 has long been obsolete.”
Although SMBv1 will still remain on devices updated to the Windows 10 Fall Creators Update, it can be disabled manually.
How to disable SMB1 in Windows 10
- Type Start menu in the search Control Panel and go to Programs and Features.
- In the left menu, select the “Turn Windows features on or off” option.
- Uncheck the box next to " Support for SMB 1.0/CIFS file sharing”.
or with PowerShell:
- Click right click mouse on the start menu, select the option Windows PowerShell(administrator)
- Run the command Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
SMB or Server Message Block is a networking protocol for sharing files, printers and more various devices. There are three versions of SMB - SMBv1, SMBv2, and SMBv3. For security reasons, Microsoft recommends disabling SMB version 1 as it is outdated and uses technology that is almost 30 years old. To avoid infection with ransomware viruses like WannaCrypt, you need to disable SMB1 and install updates for operating system. This protocol is used by Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2 - so network file access will not be available for these OS versions. The same applies to some network storage, scanners, etc.
Disable SMB1 from Control Panel
Start -> Control Panel -> Programs and Features -> Turn Windows features on or off
Disable ‘SMB 1.0/CIFS File Sharing Support’
Disabling SMB1 via Powershell
Open a Powershell console with administrator rights and enter the following command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
Disable SMB1 using the Windows Registry
You can also disable SMBv1 by running regedit.exe and moving on to the next section:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersCreate a DWORD in this section SMB1 with meaning 0 .
Values for enabling and disabling SMB1:
- 0 = Off
- 1 = Enabled
After that you need to install the update MS17-010. The update is out for everything Windows versions, including the no longer supported Windows XP and Windows Server 2003.
In conclusion, I would like to say that, despite installed antivirus and regular updates of the operating system, if your data is dear to you, you must first of all think about backup.
Why and how to disable SMB1 in Windows 10/8/7
Due to the recent epidemic WannaCry ransomware, exploiting the SMB v1 vulnerability, tips on disabling this protocol have again appeared on the network. Moreover, Microsoft strongly recommended disabling the first version of SMB back in September 2016. But such a shutdown can lead to unexpected consequences, up to oddities: I personally encountered a company where, after fighting SMB, they stopped playing wireless speakers Sonos.
Especially to minimize the likelihood of a “shot in the foot”, I want to recall the features of SMB and consider in detail what the ill-conceived shutdown of its old versions threatens.
SMB(Server Message Block) - a network protocol for remote access to files and printers. It is he who is used when connecting resources through \servername\sharename. The protocol originally worked over NetBIOS using UDP ports 137, 138 and TCP 137, 139. With the release of Windows 2000, it began to work directly using TCP port 445. SMB is also used to enter and work in an Active Directory domain.
In addition to remote access to resources, the protocol is also used for interprocessor communication through "named streams" - named pipes . The process is accessed along the path \.\pipe\name.
The first version of the protocol, also known as CIFS (Common Internet File System), was created back in the 1980s, but the second version appeared only with Windows Vista, in 2006. The third version of the protocol was released with Windows 8. In parallel with Microsoft, the protocol was created and updated in its open Samba implementation.
In each new version protocol, various improvements were added to increase speed, security and support for new functions. But at the same time, support for older protocols remained for compatibility. Of course, there were and are enough vulnerabilities in older versions, one of which is exploited by WannaCry .
Under the spoiler you will find a summary table of changes in SMB versions.
Version | Operating system | Added, compared to the previous version |
SMB2.0 | Windows Vista/2008 | Changed the number of protocol commands from 100+ to 19 |
The possibility of "conveyor" work - sending additional requests before receiving a response to the previous | ||
Support for symbolic links | ||
HMAC SHA256 message signing instead of MD5 | ||
Increase cache and write / read blocks | ||
SMB 2.1 | Windows 7/2008R2 | Performance improvement |
Larger MTU support | ||
Support for the BranchCache service - a mechanism that caches requests in global network in the local network | ||
SMB3.0 | Windows 8/2012 | Ability to build a transparent failover cluster with load balancing |
Direct memory access (RDMA) support | ||
Management via Powershell cmdlets | ||
VSS support | ||
AES-CMAC signature | ||
AES-CCM encryption | ||
Ability to use network folders for storage virtual machines HyperV | ||
Ability to use network folders for storage Microsoft bases SQL | ||
SMB 3.02 | Windows 8.1/2012R2 | Security and performance improvements |
Automatic balancing in a cluster | ||
SMB 3.1.1 | Windows 10/2016 | Support for AES-GCM encryption |
Integrity check before authentication using SHA512 hash | ||
Mandatory secure negotiation when working with SMB 2.x and higher clients |
We count conditionally victims
Viewing the protocol version currently in use is quite simple, we use the cmdlet for this Get-SmbConnection:
Cmdlet output when open network resources on servers with different version Windows.
The output shows that a client that supports all versions of the protocol uses the highest possible version supported by the server to connect. Of course, if the client only supports old version protocol, and on the server it will be disabled - the connection will not be established. Enable or disable support for older versions in modern Windows systems you can use the cmdlet Set–SmbServerConfiguration, and see the state like this:
Get–SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
Disable SMBv1 on a server running Windows 2012 R2.
Result when connecting with Windows 2003.
Thus, if you disable the old, vulnerable protocol, you can lose the network with old clients. At the same time, in addition to Windows XP and 2003, SMB v1 is also used in a number of software and hardware solutions (for example, a NAS on GNU\Linux using the old version of samba).
Under the spoiler, I will give a list of manufacturers and products that will completely or partially stop working when SMB v1 is disabled.
Manufacturer | Product | A comment |
Barracuda | SSL VPN | |
Web Security Gateway backups | ||
Canon | Scan to network share | |
Cisco | WSA/WSAv | |
WAAS | Versions 5.0 and older | |
F5 | RDP client gateway | |
Microsoft Exchange Proxy | ||
Forcepoint (Raytheon) | "Some Products" | |
HPE | ArcSight Legacy Unified Connector | Old versions |
IBM | NetServer | Version V7R2 and older |
QRadar Vulnerability Manager | Versions 7.2.x and older | |
Lexmark | Firmware eSF 2.x and eSF 3.x | |
Linux Kernel | CIFS Client | From 2.5.42 to 3.5.x |
McAfee | Web Gateway | |
Microsoft | Windows | XP/2003 and older |
MYOB | Accountants | |
Netapp | ONTAP | Versions prior to 9.1 |
NetGear | ReadyNAS | |
Oracle | Solaris | 11.3 and older |
Pulse Secure | PCS | 8.1R9/8.2R4 and older |
PPS | 5.1R9/5.3R4 and older | |
QNAP | All storage devices | Firmware older than 4.1 |
redhat | RHEL | Versions prior to 7.2 |
Ricoh | MFP Scan to Network Share | In addition to some models |
RSA | Authentication Manager Server | |
Samba | Samba | Older than 3.5 |
Sonos | Wireless speakers | |
Sophos | Sophos UTM | |
Sophos XG firewall | ||
Sophos Web Appliance | ||
SUSE | SLES | 11 and older |
Synology | Disk Station Manager | Control only |
Thomson Reuters | CS Professional Suite | |
Tintri | Tintri OS, Tintri Global Center | |
VMware | Vcenter | |
ESXi | Older than 6.0 | |
Worldox | GX3 DMS | |
Xerox | MFP Scan to Network Share | Firmware without ConnectKey Firmware |
The list is taken from the Microsoft website, where it is updated regularly.
The list of products using the old version of the protocol is quite large - before disabling SMB v1, you should definitely think about the consequences.
Still turning it off
If there are no programs and devices using SMB v1 on the network, then, of course, it is better to disable the old protocol. However, if shutdown on SMB Windows server 8/2012 is done using the Powershell cmdlet, then for Windows 7/2008 you will need to edit the registry. This can also be done using Powershell:
Set–ItemProperty –Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 –Type DWORD –Value 0 –Force
Or in any other convenient way. However, a reboot is required to apply the changes.
To disable SMB v1 support on a client, just stop the service responsible for its operation and fix the dependencies of the lanmanworkstation service. This can be done with the following commands:
sc.exe config lanmanworkstation depend=bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start=disabled
For the convenience of disabling the protocol throughout the network, it is convenient to use group policies, in particular Group Policy Preferences. With the help of them, you can conveniently work with the registry.
Creating a registry entry through group policies.
To disable the protocol on the server, just create the following setting:
- value: 0.
path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters;
new parameter: REG_DWORD named SMB1;
Create a registry setting to disable SMB v1 on the server through group policies.
To disable SMB v1 support on clients, you need to change the value of two settings.
First, disable the SMB v1 protocol service:
- value: 4.
path: HKLM:\SYSTEM\CurrentControlSet\services\mrxsmb10;
parameter: REG_DWORD named Start;
Update one of the parameters.
Then we fix the dependency of the LanmanWorkstation service so that it does not depend on SMB v1:
- value: three lines - Bowser, MRxSmb20 and NSI.
path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation;
parameter: REG_MULTI_SZ named DependOnService;
And we replace another.
After application group policy You need to restart your organization's computers. After a reboot, SMB v1 will no longer be used.
Works - don't touch
Oddly enough, this old commandment is not always useful - ransomware and trojans can start up in a rarely updated infrastructure. However, inadvertently shutting down and updating services can paralyze an organization just as much as a virus can.
Tell us, have you already disabled SMB of the first version? Were there many victims?