none
Is There a Way to ENABLE SMB1 in WinPE (ADK 1709)?

    Question

  • Ok, I now know that the SMB1 protocol is disabled by default in Fall Creators Update.

    Sometimes I am required to map a network share (from WinPE) but am unable to now because of this.

    I use: net use z: \\imagesvr\Image image /user:imagesvr\image

    "You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
    Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747"

    This is a closed network so no security issues. How can I enable SMB1 for WinPE or use SMB2?

    Monday, November 06, 2017 3:50 AM

Answers

  • Fixed it. Updated WinPE offline.

    The features are still there but disabled. Don't know if I need all the below but mapping now works.

    :: ---------- Re-Enable SMB1 Protocol -------------------------------------------------------------------------------
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol-Client
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol-Server

    reg load "HKLM\Winpe" "%WinPE%\mount\Windows\System32\config\default"
    reg Add "HKLM\winpe\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "SMB1" /t REG_DWORD /d "1" /f
    reg unload "HKLM\Winpe"

    • Marked as answer by RobertBad Monday, November 06, 2017 5:11 AM
    Monday, November 06, 2017 5:11 AM

All replies

  • Fixed it. Updated WinPE offline.

    The features are still there but disabled. Don't know if I need all the below but mapping now works.

    :: ---------- Re-Enable SMB1 Protocol -------------------------------------------------------------------------------
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol-Client
    dism /image:%WinPE%\mount /enable-feature /featurename:SMB1Protocol-Server

    reg load "HKLM\Winpe" "%WinPE%\mount\Windows\System32\config\default"
    reg Add "HKLM\winpe\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "SMB1" /t REG_DWORD /d "1" /f
    reg unload "HKLM\Winpe"

    • Marked as answer by RobertBad Monday, November 06, 2017 5:11 AM
    Monday, November 06, 2017 5:11 AM
  • There is an easier way: http://vacuumbreather.com/index.php/blog/item/46-disabling-smbv1-in-winpe-through-mdt (mind you, the article describes how to disable SMB1, but the general approach stays the same....)

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Monday, November 06, 2017 6:09 AM
  • Here is how to do this the "cool" way using UpdateExit.vbs script: http://www.vacuumbreather.com/index.php/blog/item/54-enabling-smbv1-in-mdt-winpe-boot-images

    I tested the script and it seems to be sufficient to just enable SMB1Protocol feature. If not, you can add additional features to this array:

    For each sRole in Array("SMB1Protocol")


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Proposed as answer by Anton Romanyuk Monday, November 06, 2017 9:26 AM
    Monday, November 06, 2017 9:26 AM
  • Thanks.

    Don't know why I didn't think of the server I am connecting too. It's running SVR 2003!

    Connecting to 2012 R2 & there's no issue. DOH! Anyway, perhaps this info will help others...

    There are several different versions of SMB used by Windows operating systems:

    • CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
    • SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
    • SMB 2.0 (or SMB2) – The version used in Windows Vista (SP1 or later) and Windows Server 2008
    • SMB 2.1 (or SMB2.1) – The version used in Windows 7 and Windows Server 2008 R2
    • SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
    • SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2

    Tuesday, November 07, 2017 11:41 PM