How to Enable SMB1 Safely for Legacy NAS Access on Windows 11
🔍 WiseChecker

How to Enable SMB1 Safely for Legacy NAS Access on Windows 11

by

Quick fix: SMB1 is disabled by default in Windows 11 for security. To enable just the client (for accessing legacy NAS): open Terminal (Admin) and run Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client -NoRestart. Reboot. Don’t enable SMB1 server. Plan to retire the legacy NAS — SMB1 has known critical vulnerabilities.

Your old NAS (Synology DSM 5.x or earlier, QNAP firmware 4.0.x, Buffalo LinkStation pre-2018) only supports SMB1. Windows 11 dropped SMB1 by default after EternalBlue (WannaCry) ransomware exploited SMB1. To still access old NAS, enable just the client portion temporarily.

Symptom: Can’t access legacy NAS or file servers because they only support SMB1 protocol.
Affects: Windows 11 (and Windows 10 1709+).
Fix time: ~10 minutes.

ADVERTISEMENT

What causes this

SMB1 (Server Message Block version 1) is an old file-sharing protocol. It has multiple critical vulnerabilities (EternalBlue, EternalRomance) that led to WannaCry, NotPetya ransomware. Microsoft disabled SMB1 by default starting Windows 10 1709. SMB2/3 replaced it with better performance and security.

Legacy NAS that haven’t been firmware-updated since 2015–2017 may only speak SMB1. To access them from Windows 11, you enable the SMB1 client. Don’t enable the server side — that’s the vulnerable surface.

Method 1: Enable SMB1 client via PowerShell

The recommended route.

  1. Open Terminal (Admin).
  2. Check current state: 
    Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol*

    Lists SMB1Protocol-Client, SMB1Protocol-Server, SMB1Protocol-Deprecation with their states.

  3. Enable client only (NOT server): 
    Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client -NoRestart
  4. Reboot when convenient.
  5. After reboot, you can access SMB1-only shares: \\NAS-Name\Share in File Explorer.
  6. To disable later: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client.
  7. NEVER enable SMB1Protocol-Server. That opens the Windows PC up to network attacks. Server enables sharing files via SMB1 outbound — not needed for accessing legacy NAS.

This is the security-conscious approach.

ADVERTISEMENT

Method 2: Enable via Optional Features GUI

For users who prefer GUI.

  1. Open Settings → Apps → Optional features → More Windows features. (Or run optionalfeatures.)
  2. Find SMB 1.0/CIFS File Sharing Support. Expand the tree.
  3. Tick:
    • SMB 1.0/CIFS Client — for accessing SMB1 servers. Safe to enable.
  4. Do NOT tick:
    • SMB 1.0/CIFS Server — vulnerable surface.
    • SMB 1.0/CIFS Automatic Removal — this auto-removes SMB1 after 15 days of non-use. Leave ticked for security.
  5. Click OK. Restart when prompted.
  6. After reboot, SMB1 shares accessible.

This is the right path for users uncomfortable with PowerShell.

Method 3: Upgrade NAS firmware as long-term fix

SMB1 should be temporary.

  1. Check NAS firmware version: log in to the NAS admin web page. Look for version number in System or About sections.
  2. Visit manufacturer’s support site:
    • Synology: kb.synology.com — DSM 6.x and later support SMB3.
    • QNAP: qnap.com/en-us/download — QTS 4.3.x and later support SMB3.
    • Buffalo: buffalotech.com — check model-specific.
  3. Download newest firmware compatible with your model. Read release notes for breaking changes.
  4. Upgrade NAS firmware via admin panel. Reboot NAS.
  5. Test SMB3 access from Windows with SMB1 client disabled.
  6. If NAS is too old to support modern SMB3: time to replace. Modern NAS (Synology DS220+, QNAP TS-264, others) under $300.
  7. For data migration: backup NAS data to USB drive first, then upgrade or replace.

This is the security-best path. Eliminate SMB1 dependency.

How to verify the fix worked

  • Access the legacy NAS: \\NAS-Name\Share in File Explorer. Should open without “Network path not found” errors.
  • Run Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client | Select-Object State. Should show Enabled.
  • Verify Server is NOT enabled: Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Server | Select-Object State — should be Disabled.

If none of these work

If SMB1 client enabled but access still fails: Wrong path format: use IP instead of name: \\192.168.1.10\Share. NAS name may not resolve via NetBIOS in modern networks. Authentication mismatch: SMB1 used older auth (NTLM). Set Network Security: LAN Manager authentication level via secpol.msc → Local Policies → Security Options. Set to Send LM & NTLM responses if SMB1-era NAS requires it (security risk). Firewall blocking: SMB uses port 445. Verify firewall allows. Test-NetConnection -ComputerName NAS -Port 445. NAS not responding to SMB1: some “SMB1-only” NAS actually support SMB2 if specific firmware is loaded. Check NAS admin web for SMB version setting. For repeated security warnings about SMB1: ignore for legacy access, but plan replacement — SMB1 traffic is unencrypted and vulnerable.

Bottom line: Enable SMB1Protocol-Client only (not Server) via PowerShell or Optional Features. Plan to upgrade or replace the legacy NAS — SMB1 vulnerabilities are critical. Don’t leave SMB1 enabled long-term.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You

© 2026 WiseChecker.com. All rights reserved.