
How to configuration SMB3 and encryption
We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.
To enable SMB encryption for an single file share
Set-SmbShare –Name -EncryptData $true
To enable SMB encryption on the entire server
Set-SmbServerConfiguration –EncryptData $true
To create a new SMB file share with encryption enabled
New-SmbShare –Name -Path –EncryptData $true
On the server you can see what version of SMB each connection is using
get-smbsession | ft *
From a workstation you can see the SMB version and if its encrypted
get-smbconnection | ft *
I haven’t been able to view the connections from the server side to see if they are encrypted
reference sites
Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn
SMB security enhancements | Microsoft Docs
How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)
More Stories
Micrsoft Defender for Endpoints
We use Microsoft Defender for endpoints on our physical workstations. I'm now looking at it for our servers. The servers...
Sync Active directory user data with SharePoint
If you want to sync standard common attributes from active directory to sharepoint. Its easy, AD sync to Azure AD...
Microsoft graph API to access sharepoint
Recently I've had to setup a few different app registration using Azure AD to access sharepoint sites. Once you get...
SQL upgrades
We have a few SQL servers that need to be upgraded before they go end of life. We are looking...
How to manage the local administrators group on Azure AD joined devices
After a device is deployed likely using autopilot, sometime you have a need to add an AzureAD user to the...
Azure AD and Windows hello for business, SSO for on-premises resources
We disabled WFB when we first rolled out autopilot because we are not ready to deploy and support passwordless at...