Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft to Enable SMB Signing By Default to Boost Security on Windows 11

Microsoft has announced some important changes coming to Server Message Block (SMB) signing on Windows 11 Enterprise edition. Starting with the latest Windows 11 Insider Canary Build, SMB signing is now required by default for all connections.

Server Message Block is a client-server communication protocol that allows users to share access to resources such as files, printers, and serial ports on a network or remote servers. Meanwhile, SMB signing is a security feature in Windows that adds a digital signature to authenticate communication between the client and server.

Microsoft explained that the SMB signing requirement changes should help to protect Windows 11 users against NTLM relay attacks. The SMB signing feature is designed to prevent threat actors from tempering SMB packets during data transmission.

“This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape,” explained Microsoft Principal Program Manager Ned Pyle.

Microsoft to Enable SMB Signing By Default to Boost Security on Windows 11 — Source: Microsoft

SMB signing requirement changes could impact performance

Microsoft notes that the upcoming changes could potentially impact the performance of SMB copy operations on Windows 11 PCs. Users will be able to address the problem by buying a faster CPU or adding more CPU cores/virtual CPUs.

Additionally, Microsoft warned that users might encounter errors (such as 0xc000a000 and -1073700864) while connecting to a remote share on a third-party SMB server that lacks support for the SMB signing capability. The company recommends customers to configure the feature on the third-party SMB server.

IT Pros can disable SMB signing on Windows 11

However, it will be up to the IT admins to turn off the SMB signing requirement in server and client connectors. To do this, they will need to run the following PowerShell commands:

Set-SmbClientConfiguration -RequireSecuritySignature $false
Set-SmbServerConfiguration -RequireSecuritySignature $false

Microsoft plans to roll out the new default change for SMB signing to Windows 11 Education, Pro, and other editions as well as Windows Server later this year. “Depending on how things go in Insiders, it will then start to appear in major releases,” Pyle added. You can find more details about the change on Microsoft’s support page.

by Rabia Noureen
Last Update: Jun 15, 2023
Jun 5, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Upgrade to Windows 11 – The Road Ahead

Nov 28, 2023
What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
Microsoft to Release Windows 11 LTSC in the Second Half of 2024

Apr 28, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.