I just got a notification from my company that my NFA servers need to have a feature enabled for Server Message Block Signing to always be on. Would it be a problem to turn this setting on on all NFA machines?
I simply go into gpedit.msc on the server: Computer Configuration -Windows Settings - Security Settings - Local Policies - Security Options
Change to ENABLE "Microsoft Network Client: Digitally Sign communications (always)."
Then restart the computer.
NFA installed on Windows 2012 R2.
Unlike RA, NFA doesn't connect to file shares. There are no reported NFA issues caused by modifying this setting.