Thanks much. That’s what I was looking for.
Basically, there is no negotiation in Vista and later. For either SMB1 or 2, signing will always happen if either server or client requires it, even if the other party has it disabled. I like that better than the Windows 2003 model, even though that was more intuitive. *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Nathan Shelby *Sent:* Monday, May 16, 2016 10:31 AM *To:* [email protected] *Subject:* Re: [NTSysADM] SMB Signing Mystery When the client connects in this situation you are creating a signed session. Microsoft has a blog post explaining the effects of the GPOs on SMB signing that explain the behavior your seeing: https://blogs.technet.microsoft.com/josebda/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2/ Nathan Shelby Director of Information Technology – Quote Wizard <https://quotewizard.com/> [email protected] / 206-753-2626 Malo Periculosam Libertatem Quam Quietum Servitium On Mon, May 16, 2016 at 7:01 AM, Charles F Sullivan < [email protected]> wrote: In troubleshooting a CIFS/SMB issue, I am trying to configure SMB signing to cause a failed connection. - On the server (Windows 2012 domain member), I have SMB signing disabled. Server – Digitally Sign Communications (always): Disabled | Digitally Sign Communications (if client agrees): Disabled - On the client (Windows 7 non-domain member), I have SMB signing required. Client – Digitally Sign Communications (always): Enabled | Digitally Sign Communications (if server agrees): Enabled I did remember to reboot after making any changes to these settings. When I type \\fileserver <file://fileserver> from the client, I get prompted for credentials, enter the credentials and make a successful connection. The account has write access and I’m able to copy a file to the share, delete, etc. Does anyone know why this would succeed? Charlie Sullivan Sr. Windows Systems Administrator Boston College 197 Foster St. Room 367 Brighton, MA 02135
