====== Windows: connections to a SMB1 SMB2 shares ======
\\

Use as administrator:

**powershell**
<file bash>
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28502"
</file>

<file bash>
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
</file>

<file bash>
Write-Host "Configurazione SMB1 per Windows 11 24H2..." -ForegroundColor Green

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "RequireSecuritySignature" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnableSecuritySignature" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnablePlainTextPassword" -Value 1 -Type DWord

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinClientSec" -Value 0x20000000 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "NtlmMinServerSec" -Value 0x20000000 -Type DWord

Write-Host "Riavvio servizi..." -ForegroundColor Yellow
Stop-Service -Name "LanmanWorkstation" -Force
Start-Service -Name "LanmanWorkstation"

Write-Host "Configurazione completata!" -ForegroundColor Green
</file>

**cmd**
<file bash>
REM Abilita accesso guest non sicuro
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f

REM Disabilita firma digitale SMB
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "EnableSecuritySignature" /t REG_DWORD /d 0 /f

REM Abilita password in chiaro
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "EnablePlainTextPassword" /t REG_DWORD /d 1 /f

REM CORREZIONE NTLM - da verificare meglio
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v "NtlmMinClientSec" /t REG_DWORD /d 0x20000000 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v "NtlmMinServerSec" /t REG_DWORD /d 0x20000000 /f

REM Riavvia servizi
net stop LanmanWorkstation
net start LanmanWorkstation
</file>

**gpedit.msc**
<file bash>
> ComputerConfiguration > Administrative templates > Network > Lanman Workstation 
--> ENABLE insecure guest logons

> Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.
--> DISABLE Microsoft network client: Digitally sign communications (always)

> Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.
--> DISABLE Microsoft Network Client: Digitally sign communications (if server agrees)
</file>

**Scripts completi per diagnosi e fix** 
\\ {{ :public:files:smb1.zip |}}

---\\ return to gimbo wiki [[:start|home page]]
~~NOCACHE~~