SMB Signing

Joshua Thompson 156 Reputation points
2021-07-29T17:04:51.643+00:00

I have the below policies pushed out on the Default Domain Policy for my organization.
Computer > Policies > Windows Settings > Security > Local Policies > Security Options > Microsoft network server: Digitally sign communications (always)
Computer > Policies > Windows Settings > Security > Local Policies > Security Options > Microsoft network client: Digitally sign communications (always)

If I run an RSOP on the various servers I can verify the policy settings are in place.

When I run 'Get-SMBConnection' on various servers I can see SMB Connections.
When I run 'Get-SMBConnection | fl signed' I see some of these connections show 'signed: True' and some show 'signed: False'.

Servers are all Win 2016 / 2019

If the policy is pushed out via the default domain policy why aren't all the connections showing 'signed: True'?

What am I missing?


3 answers

  1. AsterWei-MSFT 1 Reputation point
    2021-07-30T08:30:38.677+00:00

    Hello @Joshua Thompson ,

    Thank you for posting here.

    From the link below, we can see the function of the following two commands is:
    Get connections from an SMB client to SMB servers.

    Get-SmbConnection
    'Get-SMBConnection | fl signed'

    Get-SmbConnection
    https://learn.microsoft.com/en-us/powershell/module/smbshare/get-smbconnection?view=windowsserver2019-ps

    Please troubleshoot as below:
    1. Force entire AD replication by running command repadmin /syncall /AdeP on one DC.

    2. Wait about ten minutes, run gpupdate /force on machine showing 'signed: False'.

    3. Please check the gpresult report on machine showing 'signed: False'.

    Log on to the machine using domain Administrator.
    Open CMD (run as Administrator).
    Type gpresult /h C:\gpo.html and click Enter.
    Open gpo.html and check if the following two settings are enabled under “Computer Details”.

    Computer > Policies > Windows Settings > Security > Local Policies > Security Options > Microsoft network server: Digitally sign communications (always) ==> Enabled
    Computer > Policies > Windows Settings > Security > Local Policies > Security Options > Microsoft network client: Digitally sign communications (always) ==> Enabled

    If all above is OK, please access the shared folder on machine showing 'signed: False'.

    Then check the SMB connection again using the commands below.

    Get-SmbConnection
    'Get-SMBConnection | fl signed'

    Hope the information above is helpful to you.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Aster Wei


  2. Joshua Thompson 156 Reputation points
    2021-08-02T16:07:27.373+00:00

    I ran a test and the 'Get-SMBConnection | fl signed' did not come back with all connections showing as TRUE until the server was restarted.
    I will restart other servers tonight and confirm if this was a one time occurrence or if this restart fixed the problem.
    Thank you,


  3. Joshua Thompson 156 Reputation points
    2021-08-03T13:19:00.843+00:00

    No restart needed. Just patience :)
    After checking again, all connections on ALL my servers are coming back with SMB signed TRUE except for 1 connection.

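As an added example (not code from the thread or from Microsoft), here is a PowerShell audit that covers both the troubleshooting steps in answer 1 and the observation in answer 3: it reads the effective server- and client-side signing settings on each host and lists any outbound SMB connections that are still unsigned, which is what the policy-applied-but-'signed: False' case looks like. The server names in $Servers are placeholders.

```powershell
# Added example: audit effective SMB signing settings and list client
# connections that are still unsigned. Not code from the thread.
# $Servers is a placeholder list; replace it with real hostnames.
$Servers = @('SRV01', 'SRV02')

$Audit = Invoke-Command -ComputerName $Servers -ScriptBlock {
    # Effective settings on this host. RequireSecuritySignature is what the
    # "Digitally sign communications (always)" policy controls; if it is
    # False here, the GPO has not applied (go back to gpupdate/gpresult).
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration

    # Outbound connections from this host. Signed=False means the session
    # was negotiated without signing, typically one established before the
    # policy took effect that has not yet been torn down and re-created.
    $unsigned = Get-SmbConnection |
        Where-Object { -not $_.Signed } |
        Select-Object ServerName, ShareName, UserName, Dialect, Signed

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        ServerRequireSigning = $srv.RequireSecuritySignature
        ClientRequireSigning = $cli.RequireSecuritySignature
        UnsignedConnections  = @($unsigned)
    }
}

foreach ($r in $Audit) {
    # Policy is only "in place" when both sides require signing.
    $status = if ($r.ServerRequireSigning -and $r.ClientRequireSigning) {
        'policy applied'
    } else {
        'POLICY NOT APPLIED'
    }
    '{0}: server.RequireSecuritySignature={1} client.RequireSecuritySignature={2} [{3}]' -f `
        $r.Computer, $r.ServerRequireSigning, $r.ClientRequireSigning, $status

    # Unsigned connections on a host where the policy is applied are stale
    # sessions; they disappear once the client reconnects (or, as in the
    # thread, simply with time), so re-run the audit rather than assuming
    # the GPO failed.
    if ($r.UnsignedConnections.Count -gt 0) {
        $r.UnsignedConnections | Format-Table -AutoSize | Out-String
    }
}
```

Run it from a host with WinRM access to the servers; a host showing 'policy applied' with zero unsigned connections is the end state the thread arrived at.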