Controlling SMB Dialects

Heya folks, Ned here again. As part of a small series on esoteric settings, today I'm going to explain control client dialects in Windows 10 and 2019.


Dialects are simply significant versions – just like dialects within human languages – that allow a client and server to agree on conversation behaviors. For example, the SMB 3.1.1 dialect came with Windows 10 and 2016. These dialects allow assignment of various capabilities like , signing algorithms, multichannel connections, etc. When the SMB client initially connects to a destination server, it negotiates the matched and required set of capabilities. 

1. The SMB client says “I support all these dialects and capabilities”:

Annotation 2019-09-17 144004.png

2. The SMB server responds, “Let's use the highest one we both support, in this case SMB 3.1.1”

Annotation 2019-09-17 141436.png

If you're having trouble sleeping, I suggest reading our simple SMB2 NEGOTIATE spec.


Sheesh, our protocol docs…

Annotation 2019-09-17 162411.png

Who cares?

There are times when you might want to require a minimum or maximum dialect, such as when using older networking equipment that might not understand later protocols. Or you might want to enforce the latest protocol for security reasons and not rely on servers to know what's safest for clients.

Windows 1709 and later SMB dialect control

Starting in build 1709 (RS3) you get fine-grained control over protocol in the SMB client. When I say client, I mean a “computer acting as the SMB client”, not the Windows edition; this article applies equally to .

There are two DWORD value names to create and modify values on:


The valid hex values are:


As you might have guessed, this is setting SMB 2.0.2, 2.1.0, 3.0.0, 3.0.2, and 3.1.1 dialects.

Important: SMB1 cannot be controlled here and you should have long since uninstalled it if Windows didn't do it for you.

You set the MinSMB2Dialect to the lowest allowed dialect and the MaxSMB2Dialect to the highest allowed dialect. For example, this setting makes the client send only the SMB 3 family of traffic and prevents use of SMB 2.x:

MinSMB2Dialect: 0x000000300
MaxSMB2Dialect: 0x000000311

They can also be equal – for instance, if you wanted to require just the absolute latest, most secure version of SMB, 3.1.1:

Annotation 2019-09-17 141149.png

If you don't set the MaxSMB2Dialect value, everything above the minimum will be negotiated; this is a good way to be future proof if we decided to make an “SMB 4” someday. These registry changes work on the fly for new connections, no reboot or service restart needed.

How it looks on the wire

Here I have forced only the SMB 3 dialect family. Notice now how instead of sending all the dialects in my negotiate request, I only send three now.

Annotation 2019-09-17 145123.png

Here I have forced the SMB client to only use the SMB 2 family because I am using an outdated WAN appliance packet shaper that doesn't support SMB 3. In this response packet, the server agreed to use SMB 2.1. Notice also how my capabilities have changed – I cannot use multichannel, persistent handles, directory leasing, or anymore because SMB 2.1 doesn't support those features.

Annotation 2019-09-17 140341.png

You can use this dialect control to work with that WAN appliance temporarily until you update its firmware (and you'd better!)


If you mistype the values to ones that don't exist, the SMB server will refuse the connection with error “Invalid Parameter”. Don't do that.

Annotation 2019-09-17 141027.png

If you set a minimum SMB dialect not supported by your servers, you won't connect anymore, with error “not supported” and “ path not found”. Here I have forced my SMB client to only support SMB 3.1.1 then I connected to a Windows Server 2008 machine:

Annotation 2019-09-17 141313.png

Annotation 2019-09-17 141523.png

Don't do that either.


I hope this clarified SMB's dialect negotiation behaviors and maybe saved you come follicles someday. SMB is ubiquitous and isn't just for Windows; both the Linux kernel and MacOS broadly used have built-in SMB clients. In the past 7 days alone, our Win10 telemetry observed 30 billion SMB connections. Understanding how it works is an extremely useful skill. I recommend simply running Wireshark or Message Analyzer and using SMB in your lab to understand what normal conversations look like. You can also read our complete robot-lawyer full on-the-wire specification if you enjoy pain.

Until next time,

Ned “parser” Pyle


This article was originally published by Microsoft’s Server Storage at Microsoft Blog. You can find the original article here.