On this page, you supply information about the selected server and the clients with which it communicates.
This security setting determines whether packet signing is required by the server message block (SMB) server component.
The SMB protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To help prevent attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing.
Notes | |
|
Important | |
Using SMB packet signing can degrade performance up to 15 percent on file service transactions. |
Registry key
-
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
Associated security setting
- Microsoft network server: Digitally sign
communications (always)
Providing inaccurate information might disrupt communication between the selected server and other computers on the network.
For more information about this security setting, see "Microsoft network server: Digitally sign communications (always)" (http://go.microsoft.com/fwlink/?LinkId=91043).