SMB1 is unsafe

SMB1 is unsafe

If you use samba and connect to it via Windows, you might get a message that says:

You can’t connect to the file share because it’s not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.

The right solution is to update the Linux Samba share software/service. Unfortunately, that’s not always possible – especially if the server is not yours. The only recourse is to find another solution, contact the server owner to update it, or accept the risk.  Installing support for SMB1 opens you to the risk of various attacks – including a brutal man-in-the-middle that exposes everything. It’s a good idea to do whatever you need, then disable the protocol, because a compromised server/man-in-the-middle might block safer SMB2.x/3.x protocols which might make your system fall back to the unsafe v1.x without you knowing it.

At any rate, sometimes you have to accept the risk. Here’s how to install/enable smb1 on Windows if all else fails:

  1. Run Powershell command processor in elevated mode (run as admin)
  2. Type the following command:
    get-windowsoptionalfeature -online –featurename smb1protocol
  3. Once SMB has been installed please type the following command to activate it:
  4. enable-windowsoptionalfeature -online –featurename smb1protocol
  5. Once done, press Y and hit enter to restart your computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.