I just got a notification from my company that my NFA servers need to have a feature enabled for Server Message Block Signing to always be on. Would it be a problem to turn this setting on on all NFA machines?
I simply go into gpedit.msc on the server:
Computer Configuration -Windows Settings - Security Settings - Local Policies - Security Options
Change to ENABLE "Microsoft Network Client: Digitally Sign communications (always)."
Then restart the computer.
NFA installed on Windows 2012 R2.
|Unlike RA, NFA doesn't connect to file shares. There are no reported NFA issues caused by modifying this setting.|