Thanks for your post.
The EncryptData property of MSFT_SmbServerConfiguration and that of MSFT_SmbServer are different and modifying the former will not cause the latter to be modified. Per my test on Windows Server 2022, the EncryptData property of MSFT_SmbServerConfiguration which is the global setting takes precedence. SMB Encryption will be enabled if you run Set-SmbServerConfiguration -EncryptData $True -Force
so there is need to run Set-SmbShare -Name "ShareName" -EncryptData $True -Force
for every share. Setting EncryptData of MSFT_SmbServerConfiguration to false allows the SMB encryption settings on individual shares to take effect.
You can check this in the Server Manager. After running Set-SmbShare -Name "ShareName" -EncryptData $True -Force
, the "Encrypt data access" option is checked.
If I run Set-SmbServerConfiguration -EncryptData $True -Force
, the option is checked and greyed out. It cannot be modified even if EncryptData is set to false on the share by running Set-SmbShare -Name "ShareName" -EncryptData $False -Force
.
Best Regards,
Ian Xue
If the Answer is helpful, please click "Accept Answer" and upvote it.