wocintech (microsoft) - 209

How to configuration SMB3 and encryption

We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.

To enable SMB encryption for an single file share

 Set-SmbShare –Name -EncryptData $true 

To enable SMB encryption on the entire server

 Set-SmbServerConfiguration –EncryptData $true 

To create a new SMB file share with encryption enabled

 New-SmbShare –Name -Path –EncryptData $true 

On the server you can see what version of SMB each connection is using

 get-smbsession | ft * 

From a workstation you can see the SMB version and if its encrypted

 get-smbconnection | ft * 

I haven’t been able to view the connections from the server side to see if they are encrypted

reference sites

SMB security enhancements | Microsoft Docs

How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: