Microsoft network server: Digitally sign communications (if client agrees)
ID: oval:org.secpod.oval:def:8833 | Date: (C)2013-01-21 (M)2023-07-14 | Class: COMPLIANCE | Family: windows
The Microsoft network server: Digitally sign communications (if client agrees) setting should be configured correctly.
This policy setting determines whether the server-side SMB service signs SMB packets when a client that attempts to establish a connection requests it. If the client does not request signing, the connection is allowed without a signature, provided that the Microsoft network server: Digitally sign communications (always) setting is not enabled.
Note: Enable this policy setting on SMB clients on your network to make them fully effective for packet signing with all clients and servers in your environment.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees)
(2) KEY: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\EnableSecuritySignature
Platform: Microsoft Windows Server 2008 R2