How to: Disable Server Message Block

Servers in the perimeter network should have all unnecessary protocols disabled, including server message block (SMB). Web servers and Domain Name System (DNS) servers do not require SMB. This protocol should be disabled to counter the threat of user enumeration.

To disable SMB

  1. On the Start menu, point to Settings, and then click Network and Dial-up Connections.

    Right-click Internet facing connection, and then click Properties.

  2. Select the Client for Microsoft Networks check box, and then click Uninstall.

  3. Follow the uninstall steps.

  4. Select File and Printer Sharing for Microsoft Networks, and then click Uninstall.

  5. Follow the uninstall steps.

To disable SMB on servers accessible from the Internet

  • In the Local Area Connection properties, use the Transmission Control Protocol/Internet Protocol (TCP/IP) properties dialog box to remove File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks.