Microsoft network server: Digitally sign communications (always)ID: oval:org.secpod.oval:def:8838 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Microsoft network server: Digitally sign communications (always) setting should be configured correctly.
This policy setting determines if the server side SMB service is required to perform SMB packet signing. Enable this policy setting in a mixed environment to prevent downstream clients from using the workstation as a network server.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always)
(2) KEY: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature
Platform: |
Microsoft Windows Server 2008 R2 |