Hướng dẫn active win server 2023 r2
Windows Server 2012 là hệ điều hành dành cho máy chủ được phát triển bởi Microsoft. Nó là một phiên bản Windows 8 và nối tiếp phiên bản Windows Server 2008 R2. Windows Server 2012 là phiên bản Windows Server đầu tiên không hỗ trợ cho các máy tính dựa nền tảng kiến trúc Itanium từ lúc ra đời Windows NT 4.0. Show
Nội dung: Một phiên bản phát triển thử nghiệm (phiên bản Beta) được công bố vào ngày 9 tháng 9 năm 2011 tới các lập trình viên phát triển. Vào ngày 1 tháng 3 năm 2012, Microsoft phát hành phiên bản Beta công cộng beta (build 8250). Windows Server 2012 gồm 4 phiên bản: Datacenter, Standard, Essential, Foundation. Hãng loại bỏ 2 phiên bản dành cho người dùng doanh nghiệp vừa và nhỏ là Windows Small Business Server, Windows Home Server. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
In this articleApplies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 11, Windows 10, Windows 8.1, Windows 8 This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components. While disabling or removing SMBv1 might cause some compatibility issues with old computers or software, SMBv1 has significant security vulnerabilities, and we strongly encourage you not to use it. SMB 1.0 isn't installed by default in any edition of Windows 11 or Windows Server 2019 and later. SMB 1.0 also isn't installed by default in Windows 10, except Home and Pro editions. We recommend that instead of reinstalling SMB 1.0, you update the SMB server that still requires it. For a list of third parties that require SMB 1.0 and their updates that remove the requirement, review the SMB1 Product Clearinghouse. Disabling SMBv2 or SMBv3 for troubleshootingWe recommend keeping SMBv2 and SMBv3 enabled, but you might find it useful to disable one temporarily for troubleshooting. For more information, see . In Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012, disabling SMBv3 deactivates the following functionality:
In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:
The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008, while the SMBv3 protocol was introduced in Windows 8 and Windows Server 2012. For more information about SMBv2 and SMBv3 capabilities, see the following articles:
How to remove SMBv1 via PowerShellHere are the steps to detect, disable and enable SMBv1 client and server by using PowerShell commands with elevation. Note The computer will restart after you run the PowerShell commands to disable or enable SMBv1.
Tip You can detect SMBv1 status, without elevation, by running:
6. Windows Server 2012 Windows Server 2012 R2, Windows Server 2016, Windows Server 2019: Server Manager methodTo remove SMBv1 from Windows Server:
Windows 8.1, Windows 10, and Windows 11: Add or Remove Programs methodTo disable SMBv1 for the mentioned operating systems:
How to detect status, enable, and disable SMB protocolsNote When you enable or disable SMBv2 in Windows 8 or Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack. Windows 8 and Windows Server 2012 introduced the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. You don't have to restart the computer after you run the Set-SMBServerConfiguration cmdlet. SMBv1
For more information, see Server storage at Microsoft. SMB v2/v3
For Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor. Additional PowerShell methodsNote This method requires PowerShell 2.0 or later. SMBv1 on SMB ServerDetect:
Default configuration = Enabled (No registry named value is created), so no SMB1 value will be returned Disable:
0 Enable:
1 Note You must restart the computer after you make these changes. For more information, see Server storage at Microsoft. SMBv2/v3 on SMB ServerDetect:
2 Disable:
3 Enable:
4 Note You must restart the computer after you make these changes. Registry EditorImportant Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur. To enable or disable SMBv1 on the SMB server, configure the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
5 To enable or disable SMBv2 on the SMB server, configure the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
6 Note You must restart the computer after you make these changes. Here is how to detect status, enable, and disable SMB protocols on the SMB Client that is running Windows 10, Windows Server 2019, Windows 8.1, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. SMBv1 on SMB Client
For more information, see Server storage at Microsoft SMB v2/v3 on SMB Client
Note
Disable SMBv1 by using Group PolicyThis section introduces how to use Group Policy to disable SMBv1. You can use this method on different versions of Windows. SMBv1This procedure configures the following new item in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
To use Group Policy to configure this, follow these steps:
In the New Registry Properties dialog box, select the following:
This procedure disables the SMBv1 Server components. This Group Policy must be applied to all necessary workstations, servers, and domain controllers in the domain. Note WMI filters can also be set to exclude unsupported operating systems or selected exclusions, such as Windows XP. Important Be careful when you make these changes on domain controllers on which legacy Windows XP or older Linux and third-party systems (that don't support SMBv2 or SMBv3) require access to SYSVOL or other file shares where SMB v1 is being disabled. SMB v1To disable the SMBv1 client, the services registry key needs to be updated to disable the start of MRxSMB10, and then the dependency on MRxSMB10 needs to be removed from the entry for LanmanWorkstation so that it can start normally without requiring MRxSMB10 to first start. This guidance updates and replaces the default values in the following two items in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10 Registry entry: Start REG_DWORD: 4= Disabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation Registry entry: DependOnService REG_MULTI_SZ: "Bowser","MRxSmb20″,"NSI" Note The default included MRxSMB10 which is now removed as dependency. To configure this by using Group Policy, follow these steps:
Auditing SMBv1 usageTo determine which clients are attempting to connect to an SMB server with SMBv1, you can enable auditing on Windows Server 2016, Windows 10, and Windows Server 2019. You can also audit on Windows 7 and Windows Server 2008 R2 if the May 2018 monthly update is installed, and on Windows 8.1 and Windows Server 2012 R2 if the July 2017 monthly update is installed.
When SMBv1 auditing is enabled, event 3000 appears in the "Microsoft-Windows-SMBServer\Audit" event log, identifying each client that attempts to connect with SMBv1. SummaryIf all the settings are in the same GPO, Group Policy Management displays the following settings. Testing and validationAfter completing the configuration steps in this article, allow the policy to replicate and update. As necessary for testing, run gpupdate /force at a command prompt, and then review the target computers to make sure that the registry settings are applied correctly. Make sure SMBv2 and SMBv3 are functioning for all other systems in the environment. |