I am looking into forcing SMB signing per the CSO’s request. Can anyone explain this behavior?
On a Windows 7 client, I set it to force SMB signing (MS network client: “Digitally sign communications (always)” and “Digitally sign communications (if server agrees)” both Enabled. I did this in the Local Security Policy and I confirmed that there are **no** GPOs which would override this. Despite this setting, I can access every Windows server that I have tried (Windows 2003, 2008 R2, 2012, 2012 R2). All of the servers have the default setting of SMB signing disabled (MS network server: “Digitally sign communications (always)” and “Digitally sign communications (if client agrees)” both Disabled. Again, I confirmed that there are **no** GPOs which would override this. Does anyone have an explanation for this? I can’t think of what I might be missing. Thanks.
