Lukas Beran

October 2016


Forcing SMB encryption

Lukas Beran

SMB (Server Message Block), also known as CIFS (Common Internet File System), is a network communication protocol for communication between computer nodes. It is used primarily for data transfers in a computer network. We know it as network drives (network shares or shared folders).

The current version of this protocol is 3.1.1, introduced in Windows 10 and Windows Server 2016. Data transfer encryption using AES 128 CCM was introduced in version 3.0 (Windows 8 and Windows Server 2012), and in the latest version this encryption was upgraded to AES 128 GCM, which is much faster on modern CPUs.

When a connection is established between two nodes, the highest version supported by both computers is selected. The latest version, 3.1.1, requires Windows 10 or Windows Server 2016 on both sides.

Determination of the protocol version

We can determine the protocol version in elevated PowerShell using

The protocol version is shown in the Dialect column.

SMB data encryption

Data transfers are not encrypted by default. If you want to activate SMB encryption, which is necessary for all transfers over the Internet, you need to turn it on.

The first possible way is of course PowerShell. To turn encryption on for all network shares, use

For encryption only on selected shares, use

The second option is the GUI. Open Server Manager, choose File and Storage Services – Shares, right-click the selected share, select Properties and switch to Settings, where the Encrypt Data Access checkbox is available.

Disabling SMB version 1

If you don’t need SMB version 1, it’s highly recommended to turn it off using
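
The steps described in this article, put together as one elevated PowerShell session on the file server. This is an added example, not the commands from the original post; `$EncryptOnly` and its sample share names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: check dialects, enforce SMB encryption, disable SMB1, verify.
# $EncryptOnly is a hypothetical list of share names; leave it empty to
# encrypt every share through the server-wide setting.
$EncryptOnly = @()   # e.g. @('Finance', 'HR') - constructed sample names

# 1. Negotiated dialect of the connections this machine has opened as a client.
Get-SmbConnection |
    Select-Object ServerName, ShareName, Dialect |
    Format-Table -AutoSize

# 2. Turn encryption on, server-wide or only for the listed shares.
if ($EncryptOnly.Count -eq 0) {
    Set-SmbServerConfiguration -EncryptData $true -Force
} else {
    foreach ($name in $EncryptOnly) {
        # Stop on a misspelled share name instead of silently skipping it.
        $share = Get-SmbShare -Name $name -ErrorAction Stop
        if (-not $share.EncryptData) {
            Set-SmbShare -Name $name -EncryptData $true -Force
        }
    }
}

# 3. Disable SMB version 1 on the server side.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 4. Verify by reading the settings back rather than trusting the calls above.
#    While RejectUnencryptedAccess is $true, clients that cannot encrypt
#    (older than SMB 3.0) are denied access to encrypted shares.
Get-SmbServerConfiguration |
    Format-List EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol
Get-SmbShare -Special $false |
    Select-Object Name, Path, EncryptData |
    Format-Table -AutoSize
```

Run step 1 again from a client after reconnecting to confirm that the Dialect column shows 3.0 or higher for the encrypted shares.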
