When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft makes SMB signing mandatory with Windows 11 Canary build 25381

windows 11 inside preview written next to a virtual laptop running Windows 11

Microsoft has released the latest Windows 11 build for Insiders on the Canary channel today. The new build 25381 brings a major change in SMB (Server Message Block) signing. Previously SMB singing was not mandatory but with the latest build, Windows 11, Windows 10 and Server will require SMB signing by default. This change has been made to improve the security, Microsoft says.

The changelog for build 25381 is given below:

What’s new in Build 25381

SMB signing requirement changes

Beginning with Windows 11 Insider Preview Build 25381 Enterprise editions, SMB signing is now required by default for all connections. This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape.

All versions of Windows and Windows Server support SMB signing. But a third-party might disable or not support it. If you attempt to connect to a remote share on a third-party SMB server that that does not allow SMB signing, you may receive the one of following error messages:

  • 0xc000a000
  • -1073700864
  • STATUS_INVALID_SIGNATURE
  • The cryptographic signature is invalid.

To resolve this issue, configure your third-party SMB server to support SMB signing. This is Microsoft’s official recommended guidance. Do not disable SMB signing in Windows or use SMB1 to work around this behavior (SMB1 supports signing but does not enforce it). An SMB device that does not support signing allows interception and relay attacks from malicious parties.

SMB signing can reduce the performance of SMB copy operations. You can mitigate this with more physical CPU cores or virtual CPUs as well as newer, faster CPUs.

To see the current SMB signing settings, run the following PowerShell commands:

Get-SmbServerConfiguration | fl requiresecuritysignature

Get-SmbClientConfiguration | fl requiresecuritysignature

To disable the requirement for SMB signing in client (outbound to other device) connections, run the following PowerShell command as an elevated administrator:

Set-SmbClientConfiguration -RequireSecuritySignature $false

To disable the requirement for SMB signing in server (on Windows 11 Insider Preview Build 25381 and higher with Enterprise edition devices), run the following PowerShell command as an elevated administrator:

Set-SmbServerConfiguration -RequireSecuritySignature $false

No reboot is required but existing SMB connections will still use signing until they are closed.

For more information on this change, visit https://aka.ms/SMBSigningOBD.

Changes and Improvements

[General]

  • If a camera streaming issue is detected such as a camera failing to start or a closed camera shutter, a pop-up dialog will appear with the recommendation to launch the automated Get Help troubleshooter to resolve the issue.

You can find the official blog post here.

Report a problem with article
8bitdo arcade stick
Next Article

Play Street Fighter 6 and Mortal Kombat 1 with this new wireless Xbox and PC arcade stick

Microsoft teams zoom controls
Previous Article

The Microsoft Teams public preview adds zoom button support for screenshare in meetings

Join the conversation!

Login or Sign Up to read and post a comment.

7 Comments - Add comment