Activates SMB digital signing for enhanced Windows security.
The Windows - Security - Enable SMB Signing Worklet is a valuable tool for administrators who manage Windows operating systems. This PowerShell-based Worklet is designed to enhance security by enabling the requirement of digitally signed Server Message Block (SMB) communications for Windows 8+ and Windows Server operating systems.
Implementing this security measure can help protect against man-in-the-middle attacks that exploit vulnerabilities in unsigned SMB packets.
Using the Windows - Security - Enable SMB Signing Worklet ensures that both Microsoft Network Server and Microsoft Network Client support SMB signing for communication between devices on your network. By enabling support for SMB packet signing, you are effectively requiring all devices on your network to negotiate SMB packet signing when they communicate with each other.
This helps to reduce the likelihood of attackers intercepting data as it is transmitted between your network devices.
The Worklet includes two main components: an evaluation script and a remediation script. The evaluation script checks whether the current SMB server packet signing and SMB client packet signing registry values match the desired state.
If not, it triggers remediation, which adjusts or creates necessary registry properties to enable or disable SMB signing based on user input.
The primary function of this Worklet is to configure specific registry keys related to Microsoft Network Server digitally sign communications and Microsoft Network Client digitally sign communications settings. The evaluation part of this script verifies if these settings are correctly configured according to user requirements. In case they do not match, it indicates that remediation is required.
During remediation, the PowerShell based script creates missing registry properties or adjusts existing ones in line with users' specified values for enabling or disabling SMB signing. Importantly, no reboot is required for these changes to take effect, making this Worklet a seamless solution for quickly enhancing your network's security posture.
After successfully running the Windows - Security - Enable SMB Signing Worklet, you should expect that all devices on your network support and negotiate digitally signed SMB communications. This enhanced level of security helps protect sensitive data and reduce the risk of unauthorized access or tampering by malicious actors.
This Worklet ensures that your Windows environment adheres to best practices related to SMB encryption and that communication between devices remains secure.
No credit card required. By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy