How to configuration SMB3 and encryption
We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.
To enable SMB encryption for an single file share
Set-SmbShare –Name -EncryptData $true
To enable SMB encryption on the entire server
Set-SmbServerConfiguration –EncryptData $true
To create a new SMB file share with encryption enabled
New-SmbShare –Name -Path –EncryptData $true
On the server you can see what version of SMB each connection is using
get-smbsession | ft *
From a workstation you can see the SMB version and if its encrypted
get-smbconnection | ft *
I haven’t been able to view the connections from the server side to see if they are encrypted
reference sites
SMB security enhancements | Microsoft Docs
How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)
More Stories
Windows and SQL editions comparison
Capturing data on the limits of both windows server and SQL based on the edition for quick reference. Comparison of...
Enable passwordless security key sign-in to on-premises resources by using Azure AD
As we transition to Azure AD computers and leave domain joined PCs behind. Most of our data and applications are...
windows update for business and intune
We are having issues with machines not patching even with the Intune policies set. I'm documenting different post I've found...
Enabled the Lock Screen for inactive users
Quick link from Twitter, don’t want to lose the link https://twitter.com/anoopmannur/status/1497256566206181376?s=21 https://www.anoopcnair.com/set-automatic-lock-screen-for-inactive-device-intune/
Update Compliance Log Analytics
I've been trying to find good reporting on windows feature release and security updates using intune. Setting up compliance log...