Windows OS Hub

June 2, 2017 Windows Server 2012 R2

Traffic Encryption in SMB 3.0

SMB 3.0, the version of the Server Message Block (SMB) protocol introduced in Windows Server 2012 / Windows 8, made it possible to encrypt data transferred over the network between the SMB file server and its clients. Encryption is transparent from the client's point of view and doesn't require any significant organizational effort or resources, unlike deploying a VPN, IPSec or PKI infrastructure. The latest version, SMB 3.1.1 (used in Windows 10 and Windows Server 2016), uses AES-128-GCM encryption, and the performance of the algorithm is significantly increased. In addition, automatic data signing and verification are performed.

Let's consider how SMB encryption is implemented in Windows Server 2012. First of all, you have to understand that if a client and a server support different SMB versions, the highest version supported by both the client and the server is selected when the connection is established. This means that clients running Windows versions earlier than Windows 8 / Server 2012 won't be able to access a network folder that has SMB encryption enabled.

On the file server, you can get the version of the SMB protocol used by clients (the version of the protocol used is shown in the Dialect column):

Get-SmbConnection


By default, SMB traffic encryption is disabled on a Windows Server 2012 file server. You can enable encryption individually for each SMB share or for all SMB connections.

To enable encryption for a specific shared folder, open the Server Manager console on your server and go to File and Storage Services -> Shares. Select the desired shared folder and open its properties. Then go to the Settings tab and enable Encrypt Data Access. Save the changes.

You can also enable SMB encryption from the PowerShell console. To enable encryption for one share:

Set-SmbShare -Name Install -EncryptData $true

Or for all SMB connections to the server (to shared folders or administrative resources):

Set-SmbServerConfiguration -EncryptData $true

After SMB encryption is enabled for a network share, legacy clients (earlier than Windows 8) will not be able to connect to this share, since they do not support SMB 3.0. To let these Windows clients access the share (as a rule, this is temporary access, otherwise there is no point in enabling encryption), you can allow connections to the server without encryption:

Set-SmbServerConfiguration -RejectUnencryptedAccess $false

Tip. After this mode is enabled, a connecting client can fall back to the outdated SMB 1.0, which is not secure (in Windows Server 2012 R2, SMB 1.0 is already disabled by default). In this case, to partially secure your server, it is better to disable SMB 1.0 support:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
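
The settings above can be checked before and after the change with a read-only audit. This is an added example, not part of the original article: it reports the server-wide switches, the per-share encryption flag, and the clients whose negotiated dialect is below SMB 3.0. It uses Get-SmbSession, which lists the sessions clients have opened to this server, and assumes an elevated PowerShell session on the file server.

```powershell
# Added example: read-only audit of the SMB encryption settings covered above.
# Run elevated on the file server (Windows Server 2012 or later).

# 1. Server-wide switches set with Set-SmbServerConfiguration.
$cfg = Get-SmbServerConfiguration
$cfg | Format-List EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol

# 2. Per-share flag set with Set-SmbShare -EncryptData.
#    Special = administrative shares such as C$, ADMIN$ and IPC$.
$shares = Get-SmbShare
$shares | Sort-Object EncryptData, Name |
    Format-Table Name, Path, Special, EncryptData -AutoSize

if (-not $cfg.EncryptData) {
    $open = @($shares | Where-Object { -not $_.EncryptData })
    Write-Warning ("{0} share(s) are served without encryption." -f $open.Count)
}

# 3. Sessions currently open on this server and the dialect each negotiated.
#    A major version below 3 means the client cannot use SMB encryption.
$legacy = @(Get-SmbSession | Where-Object {
    $_.Dialect -and [int](($_.Dialect -split '\.')[0]) -lt 3
})

if ($legacy.Count -gt 0) {
    Write-Warning 'These clients will lose access once encryption is enforced:'
    $legacy | Format-Table ClientComputerName, ClientUserName, Dialect -AutoSize
}
else {
    Write-Output 'No session below SMB 3.0 is open right now.'
}

# 4. The combination the tip warns about.
if (-not $cfg.RejectUnencryptedAccess -and $cfg.EnableSMB1Protocol) {
    Write-Warning 'Unencrypted access is allowed and SMB 1.0 is still enabled.'
}
```

The session list is a snapshot: clients that are not connected when the script runs do not appear, so repeat it over a normal working period before enforcing encryption.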
