Set-SmbServerConfiguration

Sets the Server Message Block (SMB) server configuration.

Syntax

Set-SmbServerConfiguration
   [-AnnounceComment <String>]
   [-AnnounceServer <Boolean>]
   [-AsynchronousCredits <UInt32>]
   [-AuditClientCertificateAccess <Boolean>]
   [-AuditSmb1Access <Boolean>]
   [-AutoDisconnectTimeout <UInt32>]
   [-AutoShareServer <Boolean>]
   [-AutoShareWorkstation <Boolean>]
   [-CachedOpenLimit <UInt32>]
   [-DisableCompression <Boolean>]
   [-DisableSmbEncryptionOnSecureConnection <Boolean>]
   [-DurableHandleV2TimeoutInSeconds <UInt32>]
   [-EnableAuthenticateUserSharing <Boolean>]
   [-EnableDownlevelTimewarp <Boolean>]
   [-EnableForcedLogoff <Boolean>]
   [-EnableLeasing <Boolean>]
   [-EnableMultiChannel <Boolean>]
   [-EnableOplocks <Boolean>]
   [-EnableSecuritySignature <Boolean>]
   [-EnableSMB1Protocol <Boolean>]
   [-EnableSMB2Protocol <Boolean>]
   [-EnableSMBQUIC <Boolean>]
   [-EnableStrictNameChecking <Boolean>]
   [-EncryptData <Boolean>]
   [-EncryptionCiphers <String>]
   [-IrpStackSize <UInt32>]
   [-KeepAliveTime <UInt32>]
   [-MaxChannelPerSession <UInt32>]
   [-MaxMpxCount <UInt32>]
   [-MaxSessionPerConnection <UInt32>]
   [-MaxThreadsPerQueue <UInt32>]
   [-MaxWorkItems <UInt32>]
   [-NullSessionPipes <String>]
   [-NullSessionShares <String>]
   [-OplockBreakWait <UInt32>]
   [-PendingClientTimeoutInSeconds <UInt32>]
   [-RejectUnencryptedAccess <Boolean>]
   [-RequestCompression <Boolean>]
   [-RequireSecuritySignature <Boolean>]
   [-RestrictNamedpipeAccessViaQuic <Boolean>]
   [-ServerHidden <Boolean>]
   [-Smb2CreditsMax <UInt32>]
   [-Smb2CreditsMin <UInt32>]
   [-SmbServerNameHardeningLevel <UInt32>]
   [-TreatHostAsStableStorage <Boolean>]
   [-ValidateAliasNotCircular <Boolean>]
   [-ValidateShareScope <Boolean>]
   [-ValidateShareScopeNotAliased <Boolean>]
   [-ValidateTargetName <Boolean>]
   [-Force]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-SmbServerConfiguration cmdlet sets the Server Message Block (SMB) Service configuration. For more information on SMB server and protocol specifications, see Overview of file sharing using the SMB 3 protocol in Windows Server and [MS-SMB2]:Server Message Block (SMB) Protocol Versions 2 and 3.

Note

  • The EncryptionCiphers parameter is available beginning with 2022-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5014665), and Cumulative Update for Windows 11, version 22H2 (KB5014668).

  • The DisableCompression and RequestCompression parameters are available beginning with 2022-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5016693), and Cumulative Update for Windows 11, version 22H2 (KB5016691).

Examples

Example 1: Set the SMB Service configuration

Set-SmbServerConfiguration -MaxChannelPerSession 16 -Confirm:$false

This command sets the SMB Service configuration without user confirmation.

Example 2: Turn on SMB signing and encryption

$Parameters = @{
    RequireSecuritySignature = $true
    EnableSecuritySignature = $true
    EncryptData = $true
    Confirm = $false
}
Set-SmbServerConfiguration @Parameters

This command turns on SMB signing and encryption without user confirmation. This example uses splatting to pass parameter values from the $Parameters variable to the command. Learn more about Splatting.

Example 3: Turn off the default server and workstations shares

Set-SmbServerConfiguration -AutoShareServer $false -AutoShareWorkstation $false -Confirm:$false

This command turns off the default server and workstations shares without user confirmation.

Example 4: Turn off server announcements

Set-SmbServerConfiguration -ServerHidden $false -AnnounceServer $false -Confirm:$false

This command turns off server announcements without user confirmation.

Example 5: Turn off SMB1

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false

This command disables SMB1 on the SMB server without user confirmation.

Example 6: Specify encryption ciphers

Set-SmbServerConfiguration -EncryptionCiphers "AES_128_GCM, AES_256_GCM" -Confirm:$false

This command specifies the encryption ciphers used by the SMB client, and the preferred order without user confirmation.

Parameters

-AnnounceComment

Specifies the announce comment string.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AnnounceServer

Indicates that this server announces itself by using browser announcements.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AsynchronousCredits

Specifies the asynchronous credits.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AuditClientCertificateAccess

Enables SMB over QUIC client access control audit events. There are three possible events: access allowed, access denied, and error. The access allowed and access denied events list properties of the client certificate chain and any allow and deny access control entries that apply to the client certificates.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AuditSmb1Access

Enables auditing of SMB version 1 protocol in Windows Event Log.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AutoDisconnectTimeout

Specifies the auto disconnect time-out.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AutoShareServer

Indicates that the default server shares are shared out.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AutoShareWorkstation

Indicates whether the default workstation shares are shared out.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CachedOpenLimit

Specifies the maximum number of cached open files.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableCompression

Indicates that the SMB server should never compress files even if client or application requested it.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableSmbEncryptionOnSecureConnection

Specifies that SMB encryption will also be used if configured on the SMB server. By default, QUIC encryption only is used in order to avoid double encryption affecting performance unnecessarily. If a client requires SMB encryption using Set-SmbClientConfiguration -ForceSMBEncryptionOverQuic $true then the DisableSmbEncryptionOnSecureConnection value is ignored and SMB encryption occurs.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DurableHandleV2TimeoutInSeconds

Specifies the durable handle v2 time-out period, in seconds.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableAuthenticateUserSharing

Indicates whether authenticate user sharing is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableDownlevelTimewarp

Indicates whether down-level timewarp support is disabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableForcedLogoff

Indicates whether forced logoff is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableLeasing

Indicates whether leasing is disabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableMultiChannel

Indicates whether multi-channel is disabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableOplocks

Indicates whether the opportunistic locks are enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSecuritySignature

Indicates whether the security signature is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSMB1Protocol

Indicates whether the SMB1 protocol is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSMB2Protocol

Indicates whether the SMB2 protocol is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSMBQUIC

Specifies that the SMB over QUIC protocol is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableStrictNameChecking

Indicates whether the server should perform strict name checking on incoming connects.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptData

Indicates whether the sessions established on this server are encrypted.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionCiphers

Specifies the encryption ciphers used by the SMB server and the preferred order.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IrpStackSize

Specifies the default IRP stack size.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeepAliveTime

Specifies the keep alive time.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxChannelPerSession

Specifies the maximum channels per session.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxMpxCount

Specifies the maximum MPX count for SMB1.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxSessionPerConnection

Specifies the maximum sessions per connection.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxThreadsPerQueue

Specifies the maximum threads per queue.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxWorkItems

Specifies the maximum SMB1 work items.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-NullSessionPipes

Specifies the null session pipes.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-NullSessionShares

Specifies the null session shares.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OplockBreakWait

Specifies how long the create caller waits for an opportunistic lock break.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PendingClientTimeoutInSeconds

Specifies the pending client time-out period, in seconds.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RejectUnencryptedAccess

Indicates whether the client that doesn't support encryption is denied access if it attempts to connect to an encrypted share.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequestCompression

Indicates if SMB server should always request compression even if client or application didn't specify it.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequireSecuritySignature

Indicates whether the security signature is required.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RestrictNamedpipeAccessViaQuic

Specifies that named pipes are allowed when using SMB over QUIC. A value of $true prevents use of named pipes and is the default.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServerHidden

Indicates whether the server announces itself.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Smb2CreditsMax

Specifies the maximum SMB2 credits.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Smb2CreditsMin

Specifies the minimum SMB2 credits.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SmbServerNameHardeningLevel

Controls the level of validation that a server performs on the service principal name (SPN) that is provided by the client device when the client establishes a session using Server Message Block (SMB). The acceptable values are:

  • 0: Don't enforce SPN check.
  • 1: Allow clients who didn't provide the target, but fail those who do provide the target and it doesn't match.
  • 2: Only allow clients who supply matching targets.
Type:UInt32
Accepted values:0, 1, 2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.

The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TreatHostAsStableStorage

Indicates whether the host is treated as the stable storage.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ValidateAliasNotCircular

Indicates whether the aliases that aren't circular are validated.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ValidateShareScope

Indicates that the existence of share scopes is checked during share creation.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ValidateShareScopeNotAliased

Indicates whether the share scope being aliased is validated.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ValidateTargetName

Indicates whether the target name is validated.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

None