Windows server 2016-给共享文件服务器安装AD活动目录，不要提升为域控制器

By default SMB version 1.0 is enabled in Windows Server 2016. As this was last needed in Windows XP and Windows Server 2003 it’s quite old, 

SMB version  Supported since  New features
CIFS  Windows NT 4.0  Communication via NetBIOS interface
SMB 1.0  Windows 2000  Direct connection via TCP
SMB 2.0  Windows Vista, Windows Server 2008, Samba 3.5  Various performance upgrades, improved message signing, caching function for file properties
SMB 2.1  Windows 7, Windows Server 2008 R2  Locking mechanisms
SMB 3.0  Windows 8, Windows Server 2012,Samba 4.0  Multi-channel connections, end-to-end encryption, remote storage access
SMB 3.0.2  Windows 8.1,Windows Server 2012 R2   
SMB 3.1.1  Windows 10, Windows Server 2016, Samba 4.3  Integrity check, AES-128 encryption with Galois/Counter Mode (GCM)

PS C:\Users\Administrator> Get-SmbServerConfiguration


AnnounceComment                 :
AnnounceServer                  : False
AsynchronousCredits             : 512
AuditSmb1Access                 : False
AutoDisconnectTimeout           : 15
AutoShareServer                 : True
AutoShareWorkstation            : True
CachedOpenLimit                 : 10
DurableHandleV2TimeoutInSeconds : 180
EnableAuthenticateUserSharing   : False
EnableDownlevelTimewarp         : False
EnableForcedLogoff              : True
EnableLeasing                   : True
EnableMultiChannel              : True
EnableOplocks                   : True
EnableSecuritySignature         : False
EnableSMB1Protocol              : True
EnableSMB2Protocol              : True
EnableStrictNameChecking        : True
EncryptData                     : False
IrpStackSize                    : 15
KeepAliveTime                   : 2
MaxChannelPerSession            : 32
MaxMpxCount                     : 50
MaxSessionPerConnection         : 16384
MaxThreadsPerQueue              : 20
MaxWorkItems                    : 1
NullSessionPipes                :
NullSessionShares               :
OplockBreakWait                 : 35
PendingClientTimeoutInSeconds   : 120
RejectUnencryptedAccess         : True
RequireSecuritySignature        : False
ServerHidden                    : True
Smb2CreditsMax                  : 8192
Smb2CreditsMin                  : 512
SmbServerNameHardeningLevel     : 0
TreatHostAsStableStorage        : False
ValidateAliasNotCircular        : True
ValidateShareScope              : True
ValidateShareScopeNotAliased    : True

Brief History:

SMB -> CIFS -> SMB2 -> SMB2.1 -> SMB3 -> SMB 3.02 -> SMB3.11

* SMB – 1980s – used by PC-DOS 1984, LAN Manager – 1988, Implemetned on Unix and other operating systems (part of the OS or as a suite like Samba version 1)
* CIFS – 1996 – used by Windows NT 4.0 in 1996, IETF draft – Common Internet Filesystem in 1997, SNIA Technical Specification in 1999
* Back to SMB – 2000
* SMB 2.0 (or SMB2) – 2008
* SMB 2.1 (or SMB2.1) – 2010
* SMB 3.0 (or SMB3) – 2012
* SMB 3.0.2 (or SMB3.02)
* SMB 3.11 (or SMB3.11)

 

IPC$(Internet Process Connection)是共享"命名管道"的资源，它是为了让进程间通信而开放的命名管道，通过提供可信任的用户名和口令，连接双方可以建立安全的通道并以此通道进行加密数据的交换，从而实现对远程计算机的访问。IPC$是NT/2000的一项新功能，它有一个特点，即在同一时间内，两个IP之间只允许建立一个连接。NT/2000在提供了ipc$功能的同时，在初次安装系统时还打开了默认共享，即所有的逻辑共享(c$,d$,e$……)和系统目录winnt或windows(admin$)共享。

 net stop lanmanserver 关闭ipc$和默认共享依赖的服务