This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client. If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences. If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites. Note: When configuring this security setting, changes will not take effect until you restart Windows. Countermeasure: Enable this policy setting and specify at least one supported cipher suite. Potential Impact: One or more of the cipher suites in the cipher suite order may be not supported.

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\Network\Lanman Server\Honor cipher suite order (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanServer!HonorCipherSuiteOrder