How to configuration SMB3 and encryption

We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.

To enable SMB encryption for an single file share

 Set-SmbShare –Name -EncryptData $true

To enable SMB encryption on the entire server

 Set-SmbServerConfiguration –EncryptData $true

To create a new SMB file share with encryption enabled

 New-SmbShare –Name -Path –EncryptData $true

On the server you can see what version of SMB each connection is using

 get-smbsession | ft *

From a workstation you can see the SMB version and if its encrypted

 get-smbconnection | ft *

I haven’t been able to view the connections from the server side to see if they are encrypted

reference sites

Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn

SMB security enhancements | Microsoft Docs

How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)

How to enable SMB encryption on Windows Server

Inpowershell, security

Micrsoft Defender for Endpoints

Security URL scanners

Security tools bookmarks

Sync Active directory user data with SharePoint

Microsoft graph API to access sharepoint

SQL upgrades

Collection of build numbers

How to manage the local administrators group on Azure AD joined devices

Azure AD and Windows hello for business, SSO for on-premises resources

How to configuration SMB3 and encryption

Like this:

Leave a ReplyCancel reply