Windows 11 Build 25381 (Canary) requires SMB signing for shares

Windows 11 Build 25381 is the latest Insider Preview release in the Canary channel as of now. It makes SMB signing mandatory for SMB shares in Enterprise editions of the OS. It can also detect webcam issues and offer a troubleshooter.

SMB signing requirements have changed

Starting with Windows 11 Insider Preview Build 25381 Enterprise edition, SMB signing is now required for all connections. Previously, Windows 10 and Windows 11 by default required SMB signing only when accessing the SYSVOL and NETLOGON shares, and Active Directory domain controllers required SMB packet signing when any client connected to them. The new change aims to improve the security of Windows and Windows Server in today's environment.

All versions of Windows and Windows Server support SMB signing, but third-party developers may disable it or not support it at all. If you try to connect to a remote share on a third-party SMB server that does not support SMB signing, you will receive the following error messages:

  • 0xc000a000
  • 1073700864
  • STATUS_INVALID_SIGNATURE
  • The cryptographic signature is invalid.

To fix the problem, enable SMB signing support on the third-party SMB server. Microsoft does not recommend disabling SMB signing or falling back to SMB1 to bypass this limitation (SMB1 supports the feature but does not enforce it). SMB devices that do not support packet signing can help attackers take control and carry out relay attacks within the network.

SMB signing can degrade the performance of copy operations. This problem can be minimized by using more virtual or physical CPU cores, as well as by moving to more modern processors.

To view the current SMB signing settings, use the following PowerShell commands:

  • Get-SmbServerConfiguration | fl requiresecuritysignature
  • Get-SmbClientConfiguration | fl requiresecuritysignature

To disable the SMB signing requirement on client devices, run the following command in PowerShell as an administrator:

  • Set-SmbClientConfiguration -RequireSecuritySignature $false

To disable the SMB signing requirement on the server (Windows 11 Insider Preview Build 25381 and newer Enterprise Edition), run the following command in PowerShell as an administrator:

  • Set-SmbServerConfiguration -RequireSecuritySignature $false

A reboot is not required to apply the changes, but open SMB connections will continue to be signed until the connection is closed.
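
The following audit script is an added example, not code from the original article or from Microsoft. It checks whether signing is required for both roles and lists open connections with their signing state, which matters because existing connections keep their state until closed. `Get-SmbSigningAudit` is a hypothetical function name; the script assumes an elevated PowerShell session and that `Get-SmbConnection` reports a `Signed` property on this Windows version.

```powershell
# Added example: audit SMB signing on the local machine (run as administrator).
# Get-SmbClientConfiguration, Get-SmbServerConfiguration and Get-SmbConnection are
# built-in SmbShare cmdlets; Get-SmbSigningAudit is a name made up for this example.
function Get-SmbSigningAudit {
    $client = Get-SmbClientConfiguration
    $server = Get-SmbServerConfiguration

    # One row per role: is signing required (the setting this build turns on)?
    $settings = @(
        [pscustomobject]@{ Role = 'Client'; RequireSecuritySignature = $client.RequireSecuritySignature }
        [pscustomobject]@{ Role = 'Server'; RequireSecuritySignature = $server.RequireSecuritySignature }
    )

    # Open outbound connections keep the state they negotiated, so report each
    # one with its dialect and signing flag. @() keeps an empty result an array.
    $connections = @(Get-SmbConnection |
        Select-Object ServerName, ShareName, Dialect, Signed)

    [pscustomobject]@{
        Settings            = $settings
        Connections         = $connections
        UnsignedConnections = @($connections | Where-Object { -not $_.Signed })
        # Compliant only when no role has the requirement switched off.
        Compliant           = -not ($settings | Where-Object { -not $_.RequireSecuritySignature })
    }
}

$audit = Get-SmbSigningAudit
$audit.Settings    | Format-Table -AutoSize
$audit.Connections | Format-Table -AutoSize

if (-not $audit.Compliant) {
    Write-Warning 'SMB signing is not required for at least one role on this machine.'
    # To restore the requirement, uncomment the matching line:
    # Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    # Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
}
if ($audit.UnsignedConnections.Count -gt 0) {
    Write-Warning "$($audit.UnsignedConnections.Count) open connection(s) are not signed."
}
```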

More information about the change can be found on the official Microsoft website.

Changes and improvements

If there is a problem with camera streaming, such as the camera failing to start or the shutter being closed, a pop-up dialog will appear recommending that you run the Get Help troubleshooter to resolve the issue.

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey writes about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.
