Microsoft SMB Signing feature

book

Article ID: 102068

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction



I just got a notification from my company that my NFA servers need to have a feature enabled for Server Message Block Signing to always be on. Would it be a problem to turn this setting on on all NFA machines?

I simply go into gpedit.msc on the server:
Computer Configuration -Windows Settings - Security Settings - Local Policies - Security Options

Change to ENABLE "Microsoft Network Client: Digitally Sign communications (always)." 

Then restart the computer.

Environment

NFA installed on Windows 2012 R2.

Resolution

Unlike RA, NFA doesn't connect to file shares.  There are no reported NFA issues caused by modifying this setting.