3.045 - The Windows SMB client will be enabled to perform SMB packet signing when possible.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

If this policy is enabled, it causes the Windows Server Message Block (SMB) client to perform SMB packet signing when communicating with an SMB server that is enabled or required to perform SMB packet signing. This policy is defined by default in Local Computer Policy, where it is enabled by default.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Microsoft Network Client: Digitally sign communications (if server agrees)' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_R2_MS_V1R33_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-3(1), CAT|II, CCI|CCI-002418, CCI|CCI-002421, CSCv6|13, Rule-ID|SV-32309r1_rule, STIG-ID|3.045, Vuln-ID|V-1166

Plugin: Windows

Control ID: 79d57537209f968eb34c123d2f21943932436a619a0fab841e1987e86fbcce1f