In a recent announcement, Microsoft unveiled significant updates to the Server Message Block (SMB) protocol, a foundational component for file and printer sharing in Windows environments that Visuality Systems integrates into any operating system as if it was native. This development, introduced in Windows 11 Insider preview Build 25992 (Canary), brings two key features to the forefront: support for alternative ports and changes to firewall rules.
SMB Alternative Ports
Traditionally, SMB servers have relied on the IANA-registered port TCP/445, with limited flexibility. However, with the latest changes, Windows 11 Insider now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. This represents a substantial departure from the longstanding hard-coded and unalterable port configurations.
Users can now connect to alternative TCP, QUIC, and RDMA ports as long as the SMB server is configured to support the desired port. This can be achieved through mapped drive commands such as NET USE or New-SmbMapping, with future releases promising additional methods like Group Policy, PowerShell, or DNS SRV records. Importantly, administrators have the flexibility to control and even block the use of SMB client alternative ports through Group Policy.
SMB Firewall Rule Changes
Now, Windows introduces the “File and Printer Sharing (Restrictive)” group, eliminating inbound NetBIOS ports 137-139. This move enhances default network security and aligns SMB firewall rules more closely with the “File Server” role behavior on Windows Server, minimizing open ports to the essential ones required for sharing.
Visuality Systems’ Integration
Leveraging its long-lasting partnership with Microsoft, Visuality Systems fully supports the alternative ports feature in all its SMB protocol solutions: YNQ, jNQ, NQ Storage and QUIC File Manager, the first SMB over QUIC application running on Android. The multi-platform integration provides users with enhanced flexibility and configurability, especially in scenarios where alternative TCP ports or SMB over QUIC are preferred.
While the current updates mark a significant stride toward improving Windows and Windows Server security, Microsoft plans to continue enhancing firewall rules. Future updates aim to remove inbound ICMP, LLMNR, and Spooler Service ports, further restricting access to only essential ports required for SMB sharing. This initiative underscores Microsoft’s dedication to fortifying the security posture of its operating systems in response to modern cybersecurity challenges.
In conclusion, Microsoft’s recent SMB protocol updates signify a pivotal step toward bolstering both connectivity and security within Windows environments. The collaboration with Visuality Systems as a trusted ally ensures seamless integration of alternative ports support beyond Windows, emphasizing the commitment to providing users with adaptable and secure file and printer sharing solutions.