Network Access: The Server Message Block (SMB) v1 protocol must be disabled on the SMB client


SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant.


To fix this configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MS Security Guide
|_ "Configure SMBv1 client driver" to "Enabled" with "Disable driver (recommended)" selected for "Configure MrxSmb10 driver".

This policy setting requires the installation of the SecGuide custom templates. "SecGuide.admx" and " SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\ folder for domain controllers

Available here: /
or at EventSentry GitHub repository here:

STIG: Server:
2019: /
2016: /

W10: /

NIST 800-53: CM-7a.
NIST 800-171 Rev2: 3.4.6
NIST 800-171 Rev3 FPD: 3.4.2.a, 3.4.6.a, 3.4.6.b, 3.4.6.d
NIST 800-171A: 3.4.6[a], 3.4.6[b]
CMMC v2 L2: CM.L2-3.4.6
CMMC v2.1 L1: AC.L1-b.1.ii
CMMC v2.1 L2: CM.L2-3.4.6
OWASP Top10 v2021: A05:2021
PCI DSS v3.2: 1.1.5,1.2.1, 2.2.2, 2.2.4, 2.2.5
PCI DSS v4.0: 1.2.6, 1.4, 1.4.1, 1.4.2, 2.2.4
CCI: CCI-000381
CIS CSC v8: 4.8
STIG-ID: WN16-00-000412
STIG-Legacy: SV-92831
STIG-Legacy: V-78125
Vuln-ID: V-224858