Microsoft network server: Digitally sign communications (if client agrees)ID: oval:org.secpod.oval:def:56621 | Date: (C)2019-07-05 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Digitally sign communications (always) setting is not enabled.
Note Enable this policy setting on SMB clients on your network to make them fully effective for packet signing with all clients and servers in your environment.
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Microsoft network server: Digitally sign communications (if client agrees)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters!enablesecuritysignature
Platform: |
Microsoft Windows Server 2019 |