在 Windows 中使用 Azure 文件共享Use an Azure file share with Windows

Azure 文件是易于使用的云文件系统。Azure Files is an easy-to-use cloud file system. 可以在 Windows 和 Windows Server 中无缝使用 Azure 文件共享。Azure file shares can be seamlessly used in Windows and Windows Server. 本文介绍在 Windows 和 Windows Server 中使用 Azure 文件共享时的注意事项。This article discusses the considerations for using an Azure file share with Windows and Windows Server.

若要在某个 Azure 文件共享的托管 Azure 区域(例如本地或其他 Azure 区域)外部使用该文件共享,OS 必须支持 SMB 3.0。In order to use an Azure file share outside of the Azure region it is hosted in, such as on-premises or in a different Azure region, the OS must support SMB 3.0.

可在 Azure VM 或本地运行的 Windows 安装中使用 Azure 文件共享。You can use Azure file shares on a Windows installation that is running either in an Azure VM or on-premises. 下表说明了哪些 OS 版本支持在哪个环境中访问文件共享:The following table illustrates which OS versions support accessing file shares in which environment:

Windows 版本Windows version SMB 版本SMB version 可以在 Azure VM 中装载Mountable in Azure VM 可以在本地装载Mountable on-premises
Windows Server 2019Windows Server 2019 SMB 3.0SMB 3.0 Yes Yes
Windows 101Windows 101 SMB 3.0SMB 3.0 Yes Yes
Windows Server 半年通道2Windows Server semi-annual channel2 SMB 3.0SMB 3.0 Yes Yes
Windows Server 2016Windows Server 2016 SMB 3.0SMB 3.0 Yes Yes
Windows 8.1Windows 8.1 SMB 3.0SMB 3.0 Yes Yes
Windows Server 2012 R2Windows Server 2012 R2 SMB 3.0SMB 3.0 Yes Yes
Windows Server 2012Windows Server 2012 SMB 3.0SMB 3.0 Yes Yes
Windows 73Windows 73 SMB 2.1SMB 2.1 Yes No
Windows Server 2008 R23Windows Server 2008 R23 SMB 2.1SMB 2.1 Yes No

1Windows 10 版本 1507、1607、1709、1803、1809、1903 和 1909。1Windows 10, versions 1507, 1607, 1709, 1803, 1809, 1903, and 1909.
2Windows Server 版本 1809、1903 和 1909。2Windows Server, versions 1809, 1903, and 1909.
3Microsoft 对 Windows 7 和 Windows Server 2008 R2 的常规支持已结束。3Regular Microsoft support for Windows 7 and Windows Server 2008 R2 has ended. 只有通过扩展安全更新 (ESU) 程序才能购买对安全更新的附加支持。It is possible to purchase additional support for security updates only through the Extended Security Update (ESU) program. 我们强烈建议从这些操作系统中迁移。We strongly recommend migrating off of these operating systems.

Note

我们始终建议使用相对于 Windows 版本来说最新的 KB。We always recommend taking the most recent KB for your version of Windows.

先决条件Prerequisites

  • 存储帐户名:若要装载 Azure 文件共享,需要存储帐户的名称。Storage account name: To mount an Azure file share, you will need the name of the storage account.

  • 存储帐户密钥:若要装载 Azure 文件共享,需要主(或辅助)存储密钥。Storage account key: To mount an Azure file share, you will need the primary (or secondary) storage key. 目前不支持使用 SAS 密钥进行装载。SAS keys are not currently supported for mounting.

  • 确保端口 445 处于打开状态:SMB 协议要求 TCP 端口 445 处于打开状态;如果端口 445 已被阻止,连接将会失败。Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. 可以使用 Test-NetConnection cmdlet 检查防火墙是否阻止了端口 445。You can check to see if your firewall is blocking port 445 with the Test-NetConnection cmdlet. 可以在此处了解如何通过各种方式来解决端口 445 被阻止的问题You can learn about various ways to workaround blocked port 445 here.

    以下 PowerShell 代码假设已安装 Azure PowerShell 模块。有关详细信息,请参阅安装 Azure PowerShell 模块The following PowerShell code assumes you have the Azure PowerShell module installed, see Install Azure PowerShell module for more information. 请记得将 <your-storage-account-name><your-resource-group-name> 替换为存储帐户的相关名称。Remember to replace <your-storage-account-name> and <your-resource-group-name> with the relevant names for your storage account.

    $resourceGroupName = "<your-resource-group-name>"
    $storageAccountName = "<your-storage-account-name>"
    
    # This command requires you to be logged into your Azure account, run Login-AzAccount -Environment AzureChinaCloud if you haven't
    # already logged in.
    $storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
    
    # The ComputerName, or host, is <storage-account>.file.core.chinacloudapi.cn for Azure China Regions.
    Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445
    

    如果连接成功,应会看到以下输出:If the connection was successful, you should see the following output:

    ComputerName     : <storage-account-host-name>
    RemoteAddress    : <storage-account-ip-address>
    RemotePort       : 445
    InterfaceAlias   : <your-network-interface>
    SourceAddress    : <your-ip-address>
    TcpTestSucceeded : True
    

    Note

    以上命令返回存储帐户的当前 IP 地址。The above command returns the current IP address of the storage account. 无法保证此 IP 地址相同,它随时可能更改。This IP address is not guaranteed to remain the same, and may change at any time. 不要在任何脚本或防火墙配置中对此 IP 地址进行硬编码。Do not hardcode this IP address into any scripts, or into a firewall configuration.

在 Windows 中使用 Azure 文件共享Using an Azure file share with Windows

若要在 Windows 中使用某个 Azure 文件共享,必须装载该文件共享(为其分配驱动器号或装载点路径),或通过其 UNC 路径来访问它。To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.

与其他可以交互的 SMB 共享(例如,托管在 Windows Server、Linux Samba 服务器或 NAS 设备上的共享)不同,Azure 文件共享目前不支持对 Active Directory (AD) 或 Azure Active Directory (AAD) 标识使用 Kerberos 身份验证,不过,我们正在开发此功能。Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on. 必须使用包含 Azure 文件共享的存储帐户的存储帐户密钥访问该 Azure 文件共享。Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. 存储帐户密钥是存储帐户的管理员密钥,包括对所要访问的文件共享中的所有文件和文件夹的管理员权限,以及对存储帐户中包含的所有文件共享和其他存储资源(Blob、队列、表等)的管理员权限。A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you're accessing, and for all file shares and other storage resources (blobs, queues, tables, etc.) contained within your storage account.

将预期需要 SMB 文件共享的业务线 (LOB) 应用程序直接迁移到 Azure 的常见模式是使用 Azure 文件共享,而不是在 Azure VM 中运行专用的 Windows 文件服务器。A common pattern for lifting and shifting line-of-business (LOB) applications that expect an SMB file share to Azure is to use an Azure file share as an alternative for running a dedicated Windows file server in an Azure VM. 成功迁移业务线应用程序以使用 Azure 文件共享的一个重要注意事项是,许多业务线应用程序在具有有限系统权限的专用服务帐户的上下文中运行,而不是在 VM 的管理帐户下运行。One important consideration for successfully migrating a line-of-business application to use an Azure file share is that many line-of-business applications run under the context of a dedicated service account with limited system permissions rather than the VM's administrative account. 因此,必须确保装载/保存服务帐户上下文(而不是管理帐户)中 Azure 文件共享的凭据。Therefore, you must ensure that you mount/save the credentials for the Azure file share from the context of the service account rather than your administrative account.

在 Windows 中保存 Azure 文件共享凭据Persisting Azure file share credentials in Windows

使用 cmdkey 实用工具可在 Windows 中存储存储帐户凭据。The cmdkey utility allows you to store your storage account credentials within Windows. 这意味着,在尝试通过 Azure 文件共享的 UNC 路径访问该文件共享或装载 Azure 文件共享时,不需要指定凭据。This means that when you try to access an Azure file share via its UNC path or mount the Azure file share, you will not need to specify credentials. 若要保存存储帐户的凭据,请运行以下 PowerShell 命令(适当替换 <your-storage-account-name><your-resource-group-name>)。To save your storage account's credentials, run the following PowerShell commands, replacing <your-storage-account-name> and <your-resource-group-name> where appropriate.

$resourceGroupName = "<your-resource-group-name>"
$storageAccountName = "<your-storage-account-name>"

# These commands require you to be logged into your Azure account, run Login-AzAccount -Environment AzureChinaCloud if you haven't
# already logged in.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
$storageAccountKeys = Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName

# The cmdkey utility is a command-line (rather than PowerShell) tool. We use Invoke-Expression to allow us to 
# consume the appropriate values from the storage account variables. The value given to the add parameter of the
# cmdkey utility is the host address for the storage account, <storage-account>.file.core.chinacloudapi.cn for Azure 
# China Regions.
Invoke-Expression -Command ("cmdkey /add:$([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) " + `
    "/user:AZURE\$($storageAccount.StorageAccountName) /pass:$($storageAccountKeys[0].Value)")

可以使用 list 参数来验证 cmdkey 实用工具是否已存储存储帐户的凭据:You can verify the cmdkey utility has stored the credential for the storage account by using the list parameter:

cmdkey /list

如果已成功存储 Azure 文件共享的凭据,预期输出将如下所示(列表中可能会存储其他密钥):If the credentials for your Azure file share are stored successfully, the expected output is as follows (there may be additional keys stored in the list):

Currently stored credentials:

Target: Domain:target=<storage-account-host-name>
Type: Domain Password
User: AZURE\<your-storage-account-name>

现在,应该可以装载或访问该共享,而无需提供其他凭据。You should now be able to mount or access the share without having to supply additional credentials.

高级 cmdkey 场景Advanced cmdkey scenarios

对于 cmdkey,需要考虑到其他两种场景:在计算机上存储另一用户(例如某个服务帐户)的凭据,以及使用 PowerShell 远程连接在远程计算机上存储凭据。There are two additional scenarios to consider with cmdkey: storing credentials for another user on the machine, such as a service account, and storing credentials on a remote machine with PowerShell remoting.

可以轻松地在计算机上存储另一用户的凭据:只需在登录到帐户后执行以下 PowerShell 命令即可:Storing the credentials for another user on the machine is easy: when logged into your account, simply execute the following PowerShell command:

$password = ConvertTo-SecureString -String "<service-account-password>" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "<service-account-username>", $password
Start-Process -FilePath PowerShell.exe -Credential $credential -LoadUserProfile

这会在服务帐户(或用户帐户)的用户上下文中打开一个新的 PowerShell 窗口。This will open a new PowerShell window under the user context of your service account (or user account). 然后,可以根据前面所述使用 cmdkey 实用工具。You can then use the cmdkey utility as described above.

但是,无法使用 PowerShell 远程连接在远程计算机上存储凭据,因为在用户通过 PowerShell 远程连接登录后,cmdkey 不允许访问其凭据存储,即使是在添加组件时。Storing the credentials on a remote machine using PowerShell remoting is not however possible, as cmdkey does not allow access, even for additions, to its credential store when the user is logged in via PowerShell remoting. 我们建议使用远程桌面登录到计算机。We recommend logging into the machine with Remote Desktop.

使用 PowerShell 装载 Azure 文件共享Mount the Azure file share with PowerShell

在常规的(权限未提升的)PowerShell 会话中运行以下命令来装载 Azure 文件共享。Run the following commands from a regular (not an elevated) PowerShell session to mount the Azure file share. 请记得将 <your-resource-group-name><your-storage-account-name><your-file-share-name><desired-drive-letter> 替换为适当的信息。Remember to replace <your-resource-group-name>, <your-storage-account-name>, <your-file-share-name>, and <desired-drive-letter> with the proper information.

$resourceGroupName = "<your-resource-group-name>"
$storageAccountName = "<your-storage-account-name>"
$fileShareName = "<your-file-share-name>"

# These commands require you to be logged into your Azure account, run Login-AzAccount -Environment AzureChinaCloud if you haven't
# already logged in.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
$storageAccountKeys = Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
$fileShare = Get-AzStorageShare -Context $storageAccount.Context | Where-Object { 
    $_.Name -eq $fileShareName -and $_.IsSnapshot -eq $false
}

if ($fileShare -eq $null) {
    throw [System.Exception]::new("Azure file share not found")
}

# The value given to the root parameter of the New-PSDrive cmdlet is the host address for the storage account, 
# <storage-account>.file.core.chinacloudapi.cn for Azure China Regions. 
$password = ConvertTo-SecureString -String $storageAccountKeys[0].Value -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "AZURE\$($storageAccount.StorageAccountName)", $password
New-PSDrive -Name <desired-drive-letter> -PSProvider FileSystem -Root "\\$($fileShare.StorageUri.PrimaryUri.Host)\$($fileShare.Name)" -Credential $credential -Persist

Note

New-PSDrive cmdlet 中使用 -Persist 选项只允许在启动时重新装载文件共享(如果已保存凭据)。Using the -Persist option on the New-PSDrive cmdlet will only allow the file share to be remounted on boot if the credentials are saved. 可根据前面所述,使用 cmdkey 来保存凭据。You can save the credentials using the cmdkey as previously described.

如果需要,可以使用以下 PowerShell cmdlet 卸载 Azure 文件共享。If desired, you can dismount the Azure file share using the following PowerShell cmdlet.

Remove-PSDrive -Name <desired-drive-letter>

使用文件资源管理器装载 Azure 文件共享Mount the Azure file share with File Explorer

Note

请注意,以下说明是在 Windows 10 上显示的,在较旧的版本上可能稍有不同。Note that the following instructions are shown on Windows 10 and may differ slightly on older releases.

  1. 打开文件资源管理器。Open File Explorer. 可以从“开始”菜单打开,也可以按 Win+E 快捷键打开文件资源管理器。This can be done by opening from the Start Menu, or by pressing Win+E shortcut.

  2. 导航到窗口左侧的“此电脑”项。Navigate to the This PC item on the left-hand side of the window. 这样会更改功能区中的可用菜单。This will change the menus available in the ribbon. 在“计算机”菜单中,选择“映射网络驱动器”。Under the Computer menu, select Map network drive.

    “映射网络驱动器”下拉菜单的屏幕截图

  3. 选择驱动器号并输入 UNC 路径,UNC 路径格式为 <storageAccountName>.file.core.chinacloudapi.cn/<fileShareName>Select the drive letter and enter the UNC path, the UNC path format is <storageAccountName>.file.core.chinacloudapi.cn/<fileShareName>. 例如:anexampleaccountname.file.core.chinacloudapi.cn/example-share-nameFor example: anexampleaccountname.file.core.chinacloudapi.cn/example-share-name.

    “映射网络驱动器”对话框的屏幕截图

  4. 使用带 AZURE\ 前缀的存储帐户名称作为用户名,使用存储帐户密钥作为密码。Use the storage account name prepended with AZURE\ as the username and a storage account key as the password.

    网络凭据对话框的屏幕快照

  5. 根据需要使用 Azure 文件共享。Use Azure file share as desired.

    Azure 文件共享现已装载

  6. 做好卸载 Azure 文件共享的准备后,可在文件资源管理器中右键单击“网络位置”下对应于共享的条目,并选择“断开连接”。 When you are ready to dismount the Azure file share, you can do so by right-clicking on the entry for the share under the Network locations in File Explorer and selecting Disconnect.

从 Windows 访问共享快照Accessing share snapshots from Windows

如果已手动或通过脚本或 Azure 备份等服务自动获取共享快照,则可以从 Windows 上的文件共享查看以前版本的共享、目录或特定文件。If you have taken a share snapshot, either manually or automatically through a script or service like Azure Backup, you can view previous versions of a share, a directory, or a particular file from file share on Windows. 可以通过 Azure 门户Azure PowerShellAzure CLI 创建共享快照。You can take a share snapshot from the Azure portal, Azure PowerShell, and Azure CLI.

列出以前版本List previous versions

浏览到需要还原的项或父项。Browse to the item or parent item that needs to be restored. 通过双击转到所需的目录。Double-click to go to the desired directory. 右键单击,然后从菜单中选择“属性”。Right-click and select Properties from the menu.

所选目录的右键单击菜单

选择"以前版本”,以查看此目录的共享快照列表。Select Previous Versions to see the list of share snapshots for this directory. 列表可能需要几秒钟才能加载,具体要取决于网速和目录中共享快照的数量。The list might take a few seconds to load, depending on the network speed and the number of share snapshots in the directory.

“以前版本”选项卡

可以选择“打开”以打开特定快照。You can select Open to open a particular snapshot.

打开的快照

从以前版本还原Restore from a previous version

选择“还原”,以递归方式将整个目录在共享快照创建时包含的内容复制到原始位置。Select Restore to copy the contents of the entire directory recursively at the share snapshot creation time to the original location.

警告消息中的“还原”按钮

保护 Windows/Windows ServerSecuring Windows/Windows Server

若要在 Windows 上装载 Azure 文件共享,端口 445 必须可访问。In order to mount an Azure file share on Windows, port 445 must be accessible. 由于 SMB 1 固有的安全风险,许多组织会阻止端口 445。Many organizations block port 445 because of the security risks inherent with SMB 1. SMB 1(也称为通用 Internet 文件系统,简称 CIFS)是 Windows 和 Windows Server 中随附的一个传统文件系统协议。SMB 1, also known as CIFS (Common Internet File System), is a legacy file system protocol included with Windows and Windows Server. SMB 1 是一个已过时的低效协议,最重要的是,它不安全。SMB 1 is an outdated, inefficient, and most importantly insecure protocol. 好消息是 Azure 文件不支持 SMB 1,所有支持的 Windows 和 Windows Server 版本允许删除或禁用 SMB 1。The good news is that Azure Files does not support SMB 1, and all supported versions of Windows and Windows Server make it possible to remove or disable SMB 1. 我们始终强烈建议在生产环境中使用 Azure 文件共享之前,删除或禁用 Windows 中的 SMB 1 客户端和服务器。We always strongly recommend removing or disabling the SMB 1 client and server in Windows before using Azure file shares in production.

下表提供了有关每个 Windows 版本上 SMB 1 状态的详细信息:The following table provides detailed information on the status of SMB 1 each version of Windows:

Windows 版本Windows version SMB 1 默认状态SMB 1 default status 禁用/删除方法Disable/Remove method
Windows Server 2019Windows Server 2019 已禁用Disabled 使用 Windows 功能删除Remove with Windows feature
Windows Server 版本 1709+Windows Server, versions 1709+ 已禁用Disabled 使用 Windows 功能删除Remove with Windows feature
Windows 10 版本 1709+Windows 10, versions 1709+ 已禁用Disabled 使用 Windows 功能删除Remove with Windows feature
Windows Server 2016Windows Server 2016 EnabledEnabled 使用 Windows 功能删除Remove with Windows feature
Windows 10 版本 1507、1607 和 1703Windows 10, versions 1507, 1607, and 1703 EnabledEnabled 使用 Windows 功能删除Remove with Windows feature
Windows Server 2012 R2Windows Server 2012 R2 EnabledEnabled 使用 Windows 功能删除Remove with Windows feature
Windows 8.1Windows 8.1 EnabledEnabled 使用 Windows 功能删除Remove with Windows feature
Windows Server 2012Windows Server 2012 EnabledEnabled 使用注册表禁用Disable with Registry
Windows Server 2008 R2Windows Server 2008 R2 EnabledEnabled 使用注册表禁用Disable with Registry
Windows 7Windows 7 EnabledEnabled 使用注册表禁用Disable with Registry

审核 SMB 1 使用情况Auditing SMB 1 usage

适用于 Windows Server 2019、Windows Server 半年通道(版本 1709 和 1803)、Windows Server 2016、Windows 10(版本 1507、1607、1703、1709 和 1803)、Windows Server 2012 R2 和 Windows 8.1Applies to Windows Server 2019, Windows Server semi-annual channel (versions 1709 and 1803), Windows Server 2016, Windows 10 (versions 1507, 1607, 1703, 1709, and 1803), Windows Server 2012 R2, and Windows 8.1

在环境中删除 SMB 1 之前,可以审核 SMB 1 使用情况,以确定所做的更改是否会中断任何客户端。Before removing SMB 1 in your environment, you may wish to audit SMB 1 usage to see if any clients will be broken by the change. 如果针对使用 SMB 1 的 SMB 共享发出了任何请求,将在事件日志中的 Applications and Services Logs > Microsoft > Windows > SMBServer > Audit 下面记录一个审核事件。If any requests are made against SMB shares with SMB 1, an audit event will be logged in the event log under Applications and Services Logs > Microsoft > Windows > SMBServer > Audit.

Note

若要在 Windows Server 2012 R2 和 Windows 8.1 上启用审核支持,至少应安装 KB4022720To enable auditing support on Windows Server 2012 R2 and Windows 8.1, install at least KB4022720.

若要启用审核,请在权限提升的 PowerShell 会话中执行以下 cmdlet:To enable auditing, execute the following cmdlet from an elevated PowerShell session:

Set-SmbServerConfiguration –AuditSmb1Access $true

从 Windows Server 中删除 SMB 1Removing SMB 1 from Windows Server

适用于 Windows Server 2019、Windows Server 半年通道(版本 1709 和 1803)、Windows Server 2016、Windows Server 2012 R2Applies to Windows Server 2019, Windows Server semi-annual channel (versions 1709 and 1803), Windows Server 2016, Windows Server 2012 R2

若要从 Windows Server 实例中删除 SMB 1,请在权限提升的 PowerShell 会话中执行以下 cmdlet:To remove SMB 1 from a Windows Server instance, execute the following cmdlet from an elevated PowerShell session:

Remove-WindowsFeature -Name FS-SMB1

若要完成删除过程,请重启服务器。To complete the removal process, restart your server.

Note

从 Windows 10 和 Windows Server 版本 1709 开始,默认不会安装 SMB 1,SMB 1 客户端和 SMB 1 服务器有独立的 Windows 功能。Starting with Windows 10 and Windows Server version 1709, SMB 1 is not installed by default and has separate Windows features for the SMB 1 client and SMB 1 server. 我们始终建议保持卸载 SMB 1 服务器 (FS-SMB1-SERVER) 和 SMB 1 客户端 (FS-SMB1-CLIENT)。We always recommend leaving both the SMB 1 server (FS-SMB1-SERVER) and the SMB 1 client (FS-SMB1-CLIENT) uninstalled.

从 Windows 客户端中删除 SMB 1Removing SMB 1 from Windows client

适用于 Windows 10(版本 1507、1607、1703、1709 和 1803)和 Windows 8.1Applies to Windows 10 (versions 1507, 1607, 1703, 1709, and 1803) and Windows 8.1

若要从 Windows 客户端中删除 SMB 1,请在权限提升的 PowerShell 会话中执行以下 cmdlet:To remove SMB 1 from your Windows client, execute the following cmdlet from an elevated PowerShell session:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

若要完成删除过程,请重启电脑。To complete the removal process, restart your PC.

在早期版本的 Windows/Windows Server 上禁用 SMB 1Disabling SMB 1 on legacy versions of Windows/Windows Server

适用于 Windows Server 2012、Windows Server 2008 R2 和 Windows 7Applies to Windows Server 2012, Windows Server 2008 R2, and Windows 7

无法在早期版本的 Windows/Windows Server 上完全删除 SMB 1,但可以通过注册表将其禁用。SMB 1 cannot be completely removed on legacy versions of Windows/Windows Server, but it can be disabled through the Registry. 若要禁用 SMB 1,请创建 DWORD 类型的新注册表项 SMB1,并在 HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > LanmanServer > Parameters 下面添加值 0To disable SMB 1, create a new registry key SMB1 of type DWORD with a value of 0 under HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > LanmanServer > Parameters.

也可以使用以下 PowerShell cmdlet 轻松实现此目的:You can easily accomplish this with the following PowerShell cmdlet as well:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force

创建此注册表项以后,必须重启服务器才能禁用 SMB 1。After creating this registry key, you must restart your server to disable SMB 1.

SMB 资源SMB resources

后续步骤Next steps

请参阅以下链接,获取有关 Azure 文件的更多信息:See these links for more information about Azure Files: