It is safer to open the smb service under windows 10 and 11

Original link:


After starting to use mac computer, file synchronization between windows and mac became some problem. I turned my attention to the smb protocol, and planned to use the windows computer as the server, and other devices as the client to use the smb protocol to connect to share files. However, smb is basically not very safe. After searching for some information on the Internet, it is basically done. I feel relatively safe and convenient. The following is my tossing process.

More schemes refer to this article: Thanks to the original author!

close smb1.0

win + s search windows function to find SMB 1.0/CIFS 文件共享支持is confirmed to be off

Create a local user dedicated to smb shares

Use this user share to control the permissions of this user

win + s search计算管理

Follow the path in the picture to enter:

系统工具=>本地用户和组=>用户Right Click, Create New User

Then fill in the relevant information, remember below

  • Uncheck Require password change at next login
  • Check User cannot change password
  • Check the password does not expire

Then click OK

Assign permissions to users

win + s to search for local security policy

Follow the path in the figure to enter:


Access this computer from the network


You can delete the default everyone and user users (does not affect the remote desktop)

Then click添加用户或组below =>高级=>立即查找

Find the user you just created in the search results below, double-click to add, and then confirm all the way

Deny logins locally and deny logins via Remote Desktop Services

Use the same place and method in the previous section to find the same method of拒绝本地登录to add the user you just created, and confirm all the way

Deny local login: that is, do not allow specific users to log in on this computer

Also find the same method of拒绝通过远程桌面服务登录, all the way to determine

Deny login via Remote Desktop Services: This account is not allowed to log in to the system using Remote Desktop

After this setting is completed, this user can only use smb sharing, which is our purpose

Some group policy settings that make transport more secure

win + s search for组策略, open组策略

ps If the windows version is the home version, there is no security policy, please upgrade to the windows professional version, or look for upgrade tutorials online, be careful of viruses

I won’t say the path, just follow the location in the picture to find it

  • Disable “Enable insecure guest login”

  • Communication digital signature related
  • ban printer
  • IMPORTANT!!!!网络访问:本地账户的共享和安全模型set to classic

Turn on network sharing (protected sharing)

win + s search for高级共享设置

The network of ps windows is divided into two types, one is called公用and the other is专用. The difference between the two is that the公用is generally

It is to use the computer in a public network environment. Windows settings will be more secure. Of course, it is not so convenient to share files.专用is generally used in a network that you trust, and it is more inclined to your own. sharing of things

Note which network is currently in use when changing

  1. The network discovery setting can be turned off, so that others just can’t search your computer directly, you need to connect through IP, which is more secure
  2. Turn on file and printer sharing, this must be turned on, otherwise the file cannot be shared

Others are set according to the picture

Finishing, setting up a shared folder

In one location, create a new folder to put things that need to be shared by smb, of course, existing folders can also be

Right click on the folder (file),属性=>高级共享

Check the共享此文件夹, the共享名here is the name of the folder you see in smb

Then click permissions, delete everyone user, click添加to add the previously created user in the same way as above, and then tick the permissions below.

In this way, windows as the smb server is set up. Put the folder files that need to be shared into the shared folder we set, or after setting the folder to be shared, use other devices in the same network to connect

This article is reprinted from:
This site is for inclusion only, and the copyright belongs to the original author.