Windows 11 Canary Build 25381 changes requirements for SMB signing

New Windows 11 Insider Preview Build 25381 Canary channel features, changes, improvements, and ways to download and install.

Windows 11 Canary Build 25381

Canary channel of Windows Insider program has grabbed yet another build changing the requirements for SMB signing (02.06.2023). The update has a solitary improvement and this is for camera streaming issue. The release is Windows 11 Insider Preview Build 25381 which you can automatically install.

Full name of the update is Windows 11 Insider Preview 25381.1 (zn_release). See: Windows 10 build 20206 Dev Channel Rolled out. Let’s see what is new in this release:

Windows 11 Canary Build 25381 features changes and improvements

Here is the changelog:

SMB signing requirement changes

Starting from “Windows 11 Canary Build 25381” Enterprise editions, the default requirement for all connections is SMB signing. This marks a departure from the previous behavior in Windows 10 and 11, where SMB signing was only mandatory by default when connecting to shares named SYSVOL and NETLOGON. Furthermore, Active Directory domain controllers necessitated SMB signing only when any client connected to them. This change is part of an ongoing effort to enhance the security of Windows and Windows Server, keeping them aligned with the requirements of the modern landscape.

Every version of Windows and Windows Server provides support for SMB signing. However, it’s possible for a third-party server to disable or not support this feature. If you try to connect to a remote share on such a third-party SMB server that doesn’t allow SMB signing, you may encounter one of the following error messages:

  1. 0xc000a000
  2. -1073700864
  3. STATUS_INVALID_SIGNATURE
  4. The cryptographic signature is invalid.

To address this problem, it is advised to configure your third-party SMB server to enable SMB signing. This recommendation comes directly from Microsoft. It is important not to disable SMB signing in Windows or resort to using SMB1 as a workaround. While SMB1 does support signing, it does not enforce it. Using an SMB device that lacks support for signing opens up the possibility of interception and relay attacks from malicious individuals. Safeguarding against such threats is crucial for maintaining the security of your system.

IN Windows 11 Canary Build 25381, enabling SMB signing can potentially impact the performance of SMB copy operations. However, there are several ways to mitigate this issue. One approach is to utilize a system with more physical CPU cores or virtual CPUs. Besides, employing newer and faster CPU can also help alleviate the performance impact caused by SMB signing. By ensuring that your system has adequate processing power, you can effectively minimize any potential performance drawbacks while maintaining the security benefits of SMB signing.

To view the current SMB signing settings, execute the underneath PowerShell cmdlets:

Get-SmbServerConfiguration | Select-Object -ExpandProperty RequireSecuritySignature
Get-SmbClientConfiguration | Select-Object -ExpandProperty RequireSecuritySignature

To remove the requirement for SMB signing in client connections (outbound to other devices), execute the below PowerShell cmdlet as an elevated administrator:

Set-SmbClientConfiguration -RequireSecuritySignature $false

To deactivate the necessity for SMB signing in server connections on Windows 11 canary Build 25381 and higher with Enterprise edition devices, execute the subsequent PowerShell command as an elevated administrator:

Set-SmbServerConfiguration -RequireSecuritySignature $false

No system reboot is necessary after making changes to the SMB signing configuration. However, it’s important to note that existing SMB connections will continue to use signing until they are closed.

Changes and Improvements

General

In the event of a camera streaming issue, such as a camera failing to start or a closed camera shutter, a pop-up dialog will emerge, providing a suggestion to initiate the automated Get Help troubleshooter for problem resolution. This prompt aims to guide users towards using the troubleshooter as a means to address and rectify the camera-related problem.

How to download Windows 11 Canary Build 25381 and install

  1. Click on Start from the taskbar and type updates.
  2. When scanning is finished, click on Download.
  3. After the downloading is over select Restart now.

Source: Windows blog.

That’s all!!

Sharing is caring    Share Whatsapp

 
Topics:  Windows Insider
  
About Sunita
Love to play with Windows 11 and 10. Suggestion - Going for Registry change or system files edit then remember to take a backup or create a restore point before Starting.