How to disable SMB signing by default on Windows 11
SMB signing is enabled by default in Windows Insider.
3 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- SMB signing adds another layer of protection to your PC.
- The feature will come to all Windows editions over the next months.
- However, you can disable it if you need to.
Last week, Microsoft released an important feature in Windows 11 Insider Preview Build 25381: SMB (Server Message Block) signing will be required by default for all connections.
If Windows 10 and 11 required SMB signing only in certain situations, now the feature will automatically enable it on these operating systems.
SMB signing is a process that makes sure every message you send has a signature-session key. Basically, you put a hash on the signature field of your messages. Every time someone tries to change the message, SMB will know. And both you and the receiver must confirm your identity, thus protecting you from hacking attacks.
The Redmond-based tech giant says that signing is a critical defensive tactic. Even more, the feature is part of a campaign to improve the security of Windows for the modern landscape.
But let’s say you want to disable SMB signing for certain reasons. A third-party app or software that you use might not support it. What to do then?
Here’s how to disable SMB signing by default on Windows 11
- In the Search taskbar type in Windows PowerShell and run it as an administrator
- Check your current SMB settings by typing in the following command
Get-SmbClientConfiguration | FL requiresecuritysignature
- To disable SMB signing requirements in client connections, run the following command (img)
Set-SmbClientConfiguration -RequireSecuritySignature $false
- Select Y to make the changes and you should be all set.
You should also know that all versions of Windows support SMB signing. And when you’ll try to connect to a remote share third-party server that does now allow SMB signing, you’ll get the following error:
0xc000a000
-1073700864
STATUS_INVALID_SIGNATURE
The cryptographic signature is invalid.
In order for you to solve this error, you must configure your third-party server to support SMB signing. You can disable the SMB signing on your Windows 11 device, however, Microsoft does not recommend it. A third-party server that does now allow SMB signing is very vulnerable to attacks from malicious parties.
Currently, this feature is only in Windows Insider, but the default change for SMB signing will come to other Windows versions as well. It will also appear in major Windows releases over the next months, depending on how it goes in Windows Insider.
What do you think about this new feature? Is it useful or could it cause more compatibility issues? Let us know what you think below.
User forum
0 messages