locked
Do I need to Restart After Disabling SMBv1 Via GPO Registry Change RRS feed

  • Question

  • Hello,

    I have applied a GPO to disable SMBv1 via registry entry (applying to Server 2012 R2 mostly). After doing a gpupdate /force I can see that querying Get-SmbServerConfiguration I see that SMBv1 is set to false. I'm told that I still need to restart the computer to take the effect. Is this true? And does anyone have documentation to back this up if or if it is not true.

    Thursday, May 11, 2017 7:22 PM

All replies

  • Hi mofayew,

    After we apply gpo, there will almost certainly be times when you need to make a change to a GPO and have it update immediately. Normally a logout/login should be sufficient after gpupdate /force. But based on my knowledge, sometime gpupdate is not enough for some gpos. Especially, when we applying policy on computer settings, a reboot is always required. If user configuration, gpupdate /force, a log on log off will suffice most of the time.

    And as far as I know, SMB configuration is Security Policies and we change on the computer settings. So you may need to restart the computer.

    In addition, for more professional support about group policy, you could also discussed in Our group policy forum.

    Here is a issue discussed before, that gpupdate /force is not enough, maybe you could also take a look.

    https://social.technet.microsoft.com/Forums/office/en-US/516986c2-c489-4005-920a-0406f80da2d6/gp-doesnt-apply-until-i-use-gpupdate-force?forum=winserverGP

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 12, 2017 5:10 AM
  • You are giving me a "maybe" answer. Basically I see the change is there after a gpupdate /force, but wondering if there could be any existing SMB connections using v1 that won't disconnect until after a restart? I'm not entirely clear on how SMB works. Or does making that registry change disconnect any existing SMBv1 connections without a restart?
    Friday, May 12, 2017 6:36 PM
  • Hi mofayew,

    Thanks for your feedback.

    I suggest you could also check the KB below. You need to restart the computer after you make
    these changes on SMB

    https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Mary Dong Monday, May 15, 2017 3:28 AM
    • Proposed as answer by Mary Dong Friday, June 2, 2017 7:46 AM
    Monday, May 15, 2017 3:00 AM
  • Hi,You may mark the reply which you think is helpful as answer, so that the reply can be highlighted.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 2, 2017 7:56 AM