How to configuration SMB3 and encryption
We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.
To enable SMB encryption for an single file share
Set-SmbShare –Name -EncryptData $true
To enable SMB encryption on the entire server
Set-SmbServerConfiguration –EncryptData $true
To create a new SMB file share with encryption enabled
New-SmbShare –Name -Path –EncryptData $true
On the server you can see what version of SMB each connection is using
get-smbsession | ft *
From a workstation you can see the SMB version and if its encrypted
get-smbconnection | ft *
I haven’t been able to view the connections from the server side to see if they are encrypted
reference sites
SMB security enhancements | Microsoft Docs
How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)
More Stories
Least privileged roles by task in Azure Active Directory
As we continue to improve our process and work through least privileged roles. I find this Microsoft doc to be...
Windows and SQL editions comparison
Capturing data on the limits of both windows server and SQL based on the edition for quick reference. Comparison of...
Enable passwordless security key sign-in to on-premises resources by using Azure AD
As we transition to Azure AD computers and leave domain joined PCs behind. Most of our data and applications are...
windows update for business and intune
We are having issues with machines not patching even with the Intune policies set. I'm documenting different post I've found...
Enabled the Lock Screen for inactive users
Quick link from Twitter, don’t want to lose the link https://twitter.com/anoopmannur/status/1497256566206181376?s=21 https://www.anoopcnair.com/set-automatic-lock-screen-for-inactive-device-intune/