This way you can still share files securely with the SMB protocol

Since Microsoft rolled out the April 2018 update, it is no longer possible to connect to your NAS and access files. Even in the current October 2018 update, this option is not available. For an important reason, by the way, but it needs some explanation. To connect to a NAS from a Windows computer, you can use different protocols. The SMB (Server Message Block) protocol is most commonly used for this.

The SMB protocol has been around since the 1990s and has now arrived at version 3.1.1. Many older NAS still offer the 1.0 protocol, also known as CIFS, Common Internet Files. The protocol was devised at a time when threats from the Internet barely existed. We have all experienced that times have changed.

01 Leak and unsafe

The SMB protocol itself is fine to use, but version 1 has too many limitations and is also prone to so-called man-in-the-middle attacks. If your PC gets infected, it's easy to spread the infection using SMB's 1.0 protocol, because extra layers of security and control are missing in this protocol. That's the main reason Microsoft has discouraged the use of version 1.0 of SMB since 2014. Until recently, however, it was simply possible to access NAS, but also, for example, shared printers or media players in your network via this version of the protocol from Windows. However, since April of this year, Microsoft has disabled the SMB1.0 protocol. As a result, users of devices with this protocol can no longer access shared folders (shares) on a NAS, or can suddenly no longer connect to a shared printer in the network.

02 Use SMB 2.0 or higher

It is therefore advisable to use version 2.0 or higher for your NAS. As mentioned, the latest version is 3.1.1, but chances are that your nas - if it is a bit older - does not support this version. Version 2.0 is then the most logical to choose, but if your NAS has higher versions, then you choose it anyway. Windows 10 can easily handle version 3.1.1. But how do you know which protocol your NAS supports? You can request this information via the web interface of your browser. With most NAS you can reach the web interface via the IP address that the device has received. You type the ip address preceded by // in the address bar of your browser, for example //192.168.2.10. You must now log in with the username and password.

Where you can find the protocol settings depends on the brand of NAS you are using. We'll give you two examples to get you started, but the actual location where you'll find the settings can vary by brand and model. We'll show you the settings for a Synology and QNAP NAS.

03 Synology

If you have a Synology NAS with DMS software, go to Control Panel and choose your File Services. Click on the tab SMB / AFP and then the button Advanced. Here you can set the protocol, whereby for safety you can: Minimum SMB Port for SMB2, and for Maximum SMB port also for SMB2.

04 QNAP

With a QNAP NAS you choose Control Panel and Network and File Services. Then you choose Win / Mac / NFS and adjust the option Highest version on to SMB 2 or SMB 3.

Still using SMB 1.0?

We can imagine that you don't want to say goodbye to the SMB 1.0 protocol right away. For example, because you first want to back up files from your old NAS that only supports the older protocol. By default, Microsoft has disabled version 1.0 of the protocol in Windows 10, but it is relatively easy to enable. This is how you do it: go to the Control Panel and choose Programs and Parts. In the left side of the window, choose Enable or disable Windows features. Scroll through the list to the option SMB 1.0/CIFS File Sharing Support. Then check the boxes SMB 1.0/CIFS Client and SMB 1.0/CIFSServer. You will then have to restart the computer. After the restart you can use the old protocol again. Please note: we recommend that you disable the protocol again when you are done. This is done in the same way as above, with the only difference that of course you remove the check marks from the options mentioned.

05 Shared Folders in Windows

When sharing files in Windows itself, you don't have to worry about the default. Windows 10 automatically uses the latest protocol. However, it may be that - for example after a major update - it is no longer possible to access files in your network. In that case, Windows 10 has disabled the network discovery feature. Network discovery allows Windows computers to find each other within the same network and allows for the sharing of files and folders, for example. You check if network discovery is enabled by the command Network status when you have the Windows Start menu open and then press Enter. You will then arrive at the network properties screen. There you choose the option at the bottom Network Center. You can also left-click on your network icon at the bottom right of the taskbar.

06 Network sharing

You now arrive at the settings of your network. Click on the link on the left Change advanced sharing settings. In the next screen you can indicate for different networks whether you want to enable folder sharing. Windows can use different settings for each type of network. For example, if you travel a lot with your laptop and use public networks, you obviously don't want other users to be able to access your files or find your computer. In that case, add the type of network Guest or Public all settings. You then select the options Disable Network Discovery and Disable file and printer sharing.

If you are connected to your home network and you want to be able to see your other devices in your own home network, then turn on the options mentioned correctly. If you have disabled network discovery, it is not possible to find other computers in the network based on the name of that computer.

But if you know the computer name, it is still possible to go to a so-called UNC path to a shared folder on that computer via the Explorer, even if network discovery is disabled. For example, if you set the path \STUDYPC\C$\Windows in the bar in the Explorer you can – if you have the correct rights – still get to that folder. That function is separate from Network Discovery, because the latter option only indicates that your computer cannot be found if you click Network in the Explorer.

Please note, as a user you must have been granted access to that folder from the administrator of the PC you are connecting to. By default, when opening a UNC path, a Windows login screen appears, in which you have to enter your username and password.

07 Allow access to folders

In order to give others access to your folders, you must have given permission. An exception to this is computers that are logged on to a domain on a Windows network, where a domain administrator always has access to the folders on computers on the network. At home you normally do not use a domain, but a workgroup. A workgroup does not have a general administrator account, so access to computers must be arranged per machine. You can also only give permissions to a folder via an administrator account. An ordinary user can start the sharing action, but will then receive a message that the administrator password must be entered. Give access as follows: right-click the folder you want to share and choose the option Grant access to. You can now give someone else access. You can grant permissions to someone who already has an account on the computer of the folder to be shared; so you cannot choose an account name from another computer. By default, Windows 10 already specifies the current user account (indicated as Owner), after all, it has access anyway. Select the desired account from the list and click on it. A confirmation screen will then appear, confirm the question with Yes, share these items. After that, you have to enter your own administrator account one more time to implement the settings.

08 Advanced sharing

The user who has now been granted access now has read permissions to the folder by default. You can't change that while assigning a user, but if you now go back to Grant access to goes, and then chooses Specific people, you can adjust the read and write permissions. Click on the arrow next to Permission Level to change the rights of the selected user.

If you choose the read and write option, a user may open, place and delete files. The read-only option allows a user to only view or open the files, but not save changes or create new files.

Homegroup

You may have noticed that you also see the Homegroup option in the context menu in the Explorer. A HomeGroup was actually a simplified version of a domain network in a home environment, where you could link multiple computers together through a central administrator account. However, Microsoft has removed the HomeGroup option from the last Windows 10 version (April 2018 update), but apparently forgot to remove this option everywhere. If you click Grant access to > Homegroup however, you will see that nothing happens. So it makes no sense to use this option.

Give everyone access

Although this option does not appear in the list of user accounts, you can also share shared folders with anyone on your home network. Windows also has an account Everybody. The option Everybody can be useful if you don't feel like assigning local accounts or don't want other computers to log in to access a shared folder. You can give everyone access as follows: right-click on the folder, choose Grant access to and then Specific people. In the input field you can now Everybody type and then click the button Add click. The option will now appear in the list. You can now also grant the rights to all users: read or read and write.

Note, never use this option if you are connecting to a public network and you have indicated in the Network and Sharing Center that you want to enable file and printer sharing for that network. Anyone who can see your computer on that network can theoretically access the global shared folder. After all, the Everyone option indicates that no specific user account is associated with the shared folder.

Recent Posts