How to enable SMB signing Windows 2008/Windows 7

We have had an audit and the auditors have recommended enabling SMB signing on the network. How is this done, and should it be done? We have a windows 2008 DC and 2008 application server, all PC's are Windows 7 Pro.
Who is Participating?
Mohammed KhawajaConnect With a Mentor Manager - Infrastructure:  Information TechnologyCommented:
SMB signing is used to ensure SMB packets are not modified during transit (i.e. man in the middle attack).  By default all Windows server, clients and DCs support SMB signing but is not enabled.  A client will not be able to establish a session with a server that has SMB signing enabled until client agrees to sign SMBs.  SMB signing could result in up to 15% or higher performance degradation as there is overhead with SMB signing.  SMB signing can be enabled either via GPO or registry and you could reference link below:

I do not recommend SMB signing unless it is a must or you believe there is a possibility of man in the middle attack in your environment.
350ztnAuthor Commented:
I completely agree and have informed management of the performance issue, they want to enable it to see if the performance loss is noted. So I guess I must move forward with the group policy changes on server and client side. thank you for the link. It looks like at the bottom of that link is where I need to focus, for the group policy changes.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.