Advertisement

Windows 11 Build 25992 (Canary) improves Snipping Tool and SMB

Windows 11 Build 25992, which is now available to Insiders in the Canary channel, introduces a number of Server Message Block (SMB) protocol changes, and several fixes to Explorer and other components. Also it includes an updated Snipping Tool app that works better with HDR.

Advertisеment

What's new in Windows 11 Build 25992 (Canary)

Changes to SMB

Build 25992 makes the following changes to the Server Message Block (SMB) protocol.

SMB firewall rule

The firewall rules for SMB have changed. In the past, when you created an SMB share, Windows Firewall automatically enabled the File and Printer Sharing rule group for the corresponding profiles. Windows will now automatically configure a new rule group "File and Printer Sharing (Restricted)" that does not include incoming NetBIOS ports 137-139. In the future, Microsoft plans to update these rules to also exclude incoming ICMP, LLMNR, and Spooler Service ports, leaving only the required SMB ports for public access.

This change improves the default network security level and brings SMB firewall rules closer to the behavior of the File Server role in Windows Server. Administrators can still configure the File and Printer Sharing rule group as they see fit, and can modify the new firewall group as needed.

More information about this change can be found at https://aka.ms/SMBfirewall. For more information about SMB network security, see Secure SMB Traffic in Windows Server.

SMB NTLM blocking exception list

List of exceptions for SMB NTLM blocking. The new SMB NTLM blocking feature, which was first introduced in  Windows 11 Insider Preview Build 25951, now supports the ability to create exception lists for NTLM usage. This means that an administrator can configure a general disallowance of the use of NTLM, but at the same time allow clients to use NTLM for certain servers that do not support Kerberos. This is especially useful in cases where the servers are not part of an Active Directory domain or are third-party servers that do not support Kerberos.

More information about this change can be found at https://aka.ms/SmbNtlmBlock.

Alternative SMB client and server ports

The SMB client now supports the ability to connect to the SMB server over TCP, QUIC, or RDMA using alternative network ports other than the hard-coded default. Previously, SMB only supported TCP/445, QUIC/443, and RDMA iWARP/5445. In addition, SMB over QUIC in Windows Server now also supports remote hosts configured on ports other than 443 (this option will be added in a separate Windows Server Insider Preview release). It's important to note that Windows Server does not support configuring alternate TCP ports for the SMB server, but third-party developers such as Samba do provide this option.

You can specify an alternate port for the SMB client using the NET USE and New-SmbMapping commands in PowerShell. Alternatively, you can completely disable this feature using Group Policy.

More information about using this option can be found at https://aka.ms/SMBAlternativePorts. For more detailed information about configuring non-standard ports on third-party SMB servers, we recommend that you refer to their product documentation.

Changes to SMB over QUIC client access management certificates

SMB over QUIC Client Access Control, first introduced in  Windows 11 Insider Preview Build 25977 , now supports the use of certificates with Subject Alternative Names and is not limited to a single subject. This means that Client Access Control now allows the use of certificates from the Microsoft AD Certification Authority and multiple workstation names, as was the case with the previous version of SMB over QUIC. Administrators can now evaluate this feature using the recommended methods without having to create self-signed test certificates.

More information about this change can be found at https://aka.ms/SmbOverQUICCAC. For more information about SMB over QUIC, visit https://aka.ms/SMBoverQUIC.

Updated Snipping Tool app

A new version of the Snipping Tool application (11.2310.49.0) with improved support for HDR displays has become available to insiders on the Dev and Canary channels. Now, when HDR is enabled, the created screenshots and screen videos will have more correct colors.

Snap Layouts

Windows 11 now shows suggestions in Snap Layouts that help you instantly snap multiple app windows together. When hovering over the Minimize or Maximize button on an app (or WIN + Z) to launch the layout box, you will see app icons displayed in various layout options to help recommend the best layout option that works best.

 

Changes and improvements

Fixes

  • Fixed an issue where pages in the Personalization and Privacy & Security sections were displaying empty options.
  • Fixed an issue that caused the context menu to appear off-screen when accessed using a touch screen or pen at the edge of the desktop.
  • Fixed an issue where the home page in Settings might prompt you to sign in to your Microsoft account, but the feature would not work. The offer appeared even if the “Options” indicated that the account was logged in.
  • If in the previous build you experienced problems with the Quick Actions menu and the WIN + A key combination did not work, then this problem should now be resolved.
  • Fixed an issue that caused icons on the taskbar to disappear after switching between desktops.

Known Issues

  • [Reminder] Some popular games may not work correctly in Canary Channel Insider builds. If you notice any problems, be sure to leave feedback in the Feedback Center app.
  • Investigating reports that the system freezes at the logo when attempting to reboot into Safe Mode.
  • [New] When you try to open the Settings -> Bluetooth & Devices -> Touchpad page, the Settings app will crash.

Source

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisеment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.