View all Worklets

Windows - Security - ENABLE SMB Signing

Activates SMB digital signing for enhanced Windows security.

Worklet Details

Introduction to the PowerShell Based Windows - Security - Enable SMB Signing Worklet

The Windows - Security - Enable SMB Signing Worklet is a valuable tool for administrators who manage Windows operating systems. This PowerShell-based Worklet is designed to enhance security by enabling the requirement of digitally signed Server Message Block (SMB) communications for Windows 8+ and Windows Server operating systems. 

Implementing this security measure can help protect against man-in-the-middle attacks that exploit vulnerabilities in unsigned SMB packets.

Why would you use the Enable SMB Signing Worklet?

Using the Windows - Security - Enable SMB Signing Worklet ensures that both Microsoft Network Server and Microsoft Network Client support SMB signing for communication between devices on your network. By enabling support for SMB packet signing, you are effectively requiring all devices on your network to negotiate SMB packet signing when they communicate with each other. 

This helps to reduce the likelihood of attackers intercepting data as it is transmitted between your network devices.

Components of the Enable SMB Signing Worklet

The Worklet includes two main components: an evaluation script and a remediation script. The evaluation script checks whether the current SMB server packet signing and SMB client packet signing registry values match the desired state.

If not, it triggers remediation, which adjusts or creates necessary registry properties to enable or disable SMB signing based on user input.

How does the Enable SMB Signing Worklet work?

The primary function of this Worklet is to configure specific registry keys related to Microsoft Network Server digitally sign communications and Microsoft Network Client digitally sign communications settings. The evaluation part of this script verifies if these settings are correctly configured according to user requirements. In case they do not match, it indicates that remediation is required.

During remediation, the PowerShell based script creates missing registry properties or adjusts existing ones in line with users' specified values for enabling or disabling SMB signing. Importantly, no reboot is required for these changes to take effect, making this Worklet a seamless solution for quickly enhancing your network's security posture.

What is the expected outcome when you use the Windows - Security - Enable SMB Signing Worklet?

After successfully running the Windows - Security - Enable SMB Signing Worklet, you should expect that all devices on your network support and negotiate digitally signed SMB communications. This enhanced level of security helps protect sensitive data and reduce the risk of unauthorized access or tampering by malicious actors. 

This Worklet ensures that your Windows environment adheres to best practices related to SMB encryption and that communication between devices remains secure.

View in app


What's a Worklet?

Consider Automox Worklets your easy button. Grab ready-to-go PowerShell and BASH code from our catalog to automate any scriptable task on your Windows, macOS, and Linux endpoints.

do more with worklets