This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SMB) protocol provides the basis for file and print sharing and other networking operations, such as remote Windows administration. The SMB protocol supports validating the SMB server service principal name (SPN) within the authentication blob provided by a SMB client to prevent a class of attacks against SMB servers referred to as SMB relay attacks. This setting will affect both SMB1 and SMB2. This security setting determines the level of validation a SMB server performs on the service principal name (SPN) provided by the SMB client when trying to establish a session to an SMB server. This policy setting controls the level of validation a computer with shared folders or printers performs on the service principal name provided by the client computer when it establishes a session using the server message block (SMB) protocol

[Off/Accept if provided by client/Required from client]

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Microsoft network server: Server SPN target name validation level (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters!SMBServerNameHardeningLevel