How to Enable SMBv1 in Windows Using PowerShell

SMBv1 is an outdated and insecure file‑sharing protocol that Microsoft deprecated years ago. Modern systems should avoid SMBv1 entirely, and in most environments it should remain disabled. However, there are still rare situations – usually involving legacy hardware, old NAS devices, or outdated embedded systems – where enabling SMBv1 temporarily becomes necessary.

This guide explains how to enable SMBv1 using PowerShell, how to automate it in a task sequence or deployment, and why you should disable it again as soon as possible.

Important Warning:
Enabling SMBv1 is a security risk. It exposes your system to vulnerabilities such as ransomware and wormable exploits. Only enable it if you absolutely must, and disable it immediately afterwards. You do this entirely at your own risk.

Why SMBv1 Is Dangerous

SMBv1 is over 30 years old and lacks modern security features. Microsoft removed it from Windows installations by default because it is vulnerable to:

• Remote code execution attacks
• Man‑in‑the‑middle attacks
• Ransomware propagation
• Wormable exploits such as EternalBlue

If you enable SMBv1, you are lowering your system’s security posture. Treat it as a temporary workaround only.

How to Enable SMBv1 Using PowerShell

If you absolutely need SMBv1 enabled, the quickest method is via PowerShell.

Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Run PowerShell as Administrator, paste the command, and reboot if prompted.

Automating SMBv1 Enablement in a Task Sequence or Deployment

If you’re using MDT, SCCM/MECM, or any automated deployment workflow, you can run the same command silently.

Option 1: Run PowerShell Directly in a Task Sequence

Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart

Option 2: Wrap It in a Batch File

powershell.exe -ExecutionPolicy Bypass -Command "Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart"

This is useful when you want consistent behaviour across multiple devices or need to integrate it into an existing automation pipeline.

How to Disable SMBv1 After You’re Done

Once your legacy task is complete, disable SMBv1 immediately:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Or remove the SMBv1 client and server components individually:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Server

A reboot may be required.

When Might You Need SMBv1?

Although not ideal, SMBv1 may still be required for:

• Very old NAS devices (pre‑2010)
• Legacy industrial equipment
• Old multifunction printers
• Embedded systems without firmware updates
• Windows XP/Server 2003 interoperability

If possible, upgrade or replace the device instead of relying on SMBv1.

Best Practices When Using SMBv1

• Disconnect the device from the internet
• Use a segregated VLAN or isolated network
• Disable SMBv1 immediately after use
• Ensure all other systems are patched
• Avoid using SMBv1 on domain‑joined machines

Glossary

Frequently Asked Questions

Is it safe to enable SMBv1?

No. It is considered unsafe and should only be enabled temporarily and with caution.

Why is SMBv1 disabled by default?

Because it contains multiple unpatchable security vulnerabilities and was exploited in major global ransomware attacks.

Do modern Windows systems support SMBv2 and SMBv3?

Yes — these are secure, modern protocols and should be used whenever possible.

Can I enable SMBv1 without rebooting?

You can install the feature without a restart, but Windows may require a reboot before it becomes active.

What if my device only supports SMBv1?

Consider updating firmware, replacing the device, or isolating it on a secure network segment.

Final Thoughts

Enabling SMBv1 is rarely the right solution – but sometimes it’s the only way to keep a legacy device functioning long enough to migrate or replace it. If you must enable it, do so carefully, automate it cleanly, and disable it as soon as you’re done.