Digitally sign communications

Glenn Maxwell 11,621 Reputation points
2024-09-21T17:30:47.9933333+00:00

The policy below is currently disabled in our environment. I have a request from our security team to enable this policy. Could there be any issues with SMB, given that I have DFS shares and file servers? Additionally, I have Windows shares mounted on Linux VMs.

Computer Configuration--Policies--Windows Settings--Security Settings--Local Policies--Security Options--Microsoft network client: Digitally sign communications (always)


Accepted answer
  1. Yanhong Liu 12,735 Reputation points Microsoft Vendor
    2024-09-23T08:18:51.47+00:00

    Hello,

    Enabling the policy "Microsoft network client: Digitally sign communications (always)" will require all SMB communications to be digitally signed. This enhances the security of file transfers between clients and servers but can also have implications on the performance and compatibility of your network.

    Here are a few things to consider:

    1. Performance Impact: Enabling digital signatures on SMB communications can introduce a performance overhead. This is because each packet needs to be signed and verified, which can slow down data transfer rates, especially on busy networks.

    2. Compatibility with DFS and File Servers: If your file servers and DFS (Distributed File System) shares support SMB signing, they should be compatible with this policy. However, it's crucial to test this in a controlled environment before rolling it out network-wide to ensure that there are no unforeseen issues.

    3. Linux Compatibility: For Windows shares mounted on Linux VMs, the compatibility will depend on the SMB client that the Linux system is using. Modern SMB clients like smbclient from the Samba suite support SMB signing. Ensure that your Linux systems are configured correctly to handle SMB signing. You may need to update your Samba configuration (smb.conf) to enable signing.

    4. Legacy Systems: If you have any older systems or devices that do not support SMB signing, they will not be able to communicate with the servers once this policy is enabled. This could potentially disrupt services or connections for those devices.

    It is recommended that you thoroughly test this policy in a controlled environment to observe any performance impact or compatibility issues before enabling it across your entire environment.

    For more information, see: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

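An added example, not part of the original answer or of Microsoft's documentation: for the Linux point in the accepted answer (item 3), this shell function reads mount data in `/proc/mounts` format and reports, for each CIFS mount, whether the session is signing. It assumes the Linux kernel CIFS client's convention of appending `i` to the `sec=` value (for example `krb5i`, `ntlmsspi`) when signing is in use; the host names and mount points in the sample are constructed.

```shell
#!/bin/sh
# Added example: classify CIFS mounts by SMB signing state.
# Assumption: the kernel CIFS client shows sec=<mech>i when the session signs.

# Constructed sample in /proc/mounts format (device mountpoint fstype options dump pass).
sample_mounts() {
    cat <<'EOF'
//fs01.example.test/projects /mnt/projects cifs rw,relatime,vers=3.1.1,sec=krb5i,cache=strict,uid=0 0 0
//fs02.example.test/archive /mnt/archive cifs rw,relatime,vers=2.1,sec=ntlmssp,cache=strict,uid=0 0 0
//dfs.example.test/public /mnt/public cifs ro,relatime,vers=3.0,cache=strict 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# $1: file in /proc/mounts format, or "-" for stdin (default: live /proc/mounts).
# Output per CIFS mount: <state> <mountpoint> vers=<dialect> sec=<value> <share>
#   signed   - sec= value ends in "i" (signing in use)
#   unsigned - sec= present without the "i" suffix
#   unknown  - no sec= option shown; check the mount manually
classify_cifs_mounts() {
    awk '
    $3 == "cifs" || $3 == "smb3" {
        n = split($4, opt, ",")
        sec = ""; vers = "?"
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^sec=/)  sec  = substr(opt[i], 5)
            if (opt[i] ~ /^vers=/) vers = substr(opt[i], 6)
        }
        if (sec == "")       state = "unknown"
        else if (sec ~ /i$/) state = "signed"
        else                 state = "unsigned"
        printf "%s %s vers=%s sec=%s %s\n", state, $2, vers, (sec == "" ? "-" : sec), $1
    }' "${1:-/proc/mounts}"
}

# Demonstration on the constructed sample; on a real VM run: classify_cifs_mounts
sample_mounts | classify_cifs_mounts -
```

Mounts reported as `unsigned` or `unknown` are the ones to include in the test pass the answer recommends.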
