Windows Insider build 26090 brings small changes for SMB

Heya folks, Ned here again. We continue to make SMB changes to Windows vNext and 2025 based on customer feedback and last mile work. With the release of Windows 11 Insider Preview Build 26090 (Canary and Dev Channels), we have a few more small ones. Some of these were based on Insider feedback from customers – your opinions really do matter to us!

SMB over QUIC client disable: Administrators can now disable the SMB over QUIC client with and PowerShell. To disable SMB over QUIC using PowerShell, run the following command in an elevated console:

Set-SmbClientConfiguration -EnableSMBQUIC $false

To disable SMB over QUIC using , use GPMC.MSC or GPEDIT.MSC to configure the following setting:

  • Computer Configuration Administrative Templates Lanman Workstation Enable SMB over QUIC

This option already exists for the SMB over QUIC server in two ways: either you can actively disable it with and PowerShell, or you can simply not configure SMB over QUIC with a , which accomplishes the same thing and is the out of box experience, obviously.

SMB over QUIC client connection auditing: Successful SMB over QUIC client connection events are now written to the event log to include the QUIC transport. You can view these events using EVENTVWR.MSC under the following path:

  • Applications and Services Logs Microsoft Windows SMBClient Connectivity (Event ID: 30832)

SMB signing and auditing: Administrators can now enable auditing of the SMB server and client for support of SMB signing and . This shows if a third-party client or server doesn't support SMB encryption or signing. If your third-party device or software claims to support SMB 3.1.1 but doesn't support SMB signing, you need to get your money back, as that breaks the strict pre-authentication integrity protocol requirement, and they are only using SMB 3.0.2 or older!

You can configure these settings with PowerShell and Group Policy.

To configure SMB client or server signing or encryption auditing using Group Policy, use GPMC.MSC or GPEDIT.MSC to configure the following settings:

  • Computer Configuration Administrative Templates Lanman Workstation Audit server does not support encryption
  • Computer Configuration Administrative Templates Lanman Workstation Audit server does not support signing
  • Computer Configuration Administrative Templates Network Lanman Server Audit client does not support encryption
  • Computer Configuration Administrative Templates Network Lanman Server Audit client does not support signing

To configure SMB client or server signing or encryption auditing using using PowerShell, run the following command in an elevated console:

Set-SmbClientConfiguration -AuditServerDoesNotSupportEncryption $true

Set-SmbClientConfiguration -AuditServerDoesNotSupportSigning $true

Set-SmbServerConfiguration -AuditClientDoesNotSupportEncryption $true

Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true

You can view these events using EVENTVWR.MSC under the following paths:

  • Applications and Services Logs Microsoft Windows SMBClient Audit (Event ID: 31998 and Event ID: 31999)
  • Applications and Services Logs Microsoft Windows SMBServer Audit (Event ID: 3021 and Event ID: 3022)

For more information on SMB over QUIC in Windows and Windows Server Insider Preview builds, review https://aka.ms/SMBoverQUICServer and https://aka.ms/SmbOverQuicCAC.

For more information on SMB signing and encryption in Windows and Windows Server Insider Preview builds, review https://aka.ms/SmbSigningRequired and https://aka.ms/SmbClientEncrypt.

The changes will keep coming, our work is never done. Keep checking back here for news and new things to try out in Windows and Windows Server Insider.

Until next time,

Ned Pyle

 

This article was originally published by Storage at Microsoft. You can find the original article here.