I have the below policies pushed out on the Default Domain Policy for my organization.
Computer > Policies > Windows Settings > Security> Local Policies > Security Options > Microsoft network server: Digitally sign communications (always)
Computer > Policies > Windows Settings > Security> Local Policies > Security Options > Microsoft network client: Digitally sign communications (always)
If I run an RSOP on the various server I can verify the policy settings are in place.
When I run 'Get-SMBConnection' on various servers I can see SMB Connections.
When I run 'Get-SMBConnection | fl signed' I see some of these connections shows 'signed: True' and some show 'signed: False'.
Servers are all Win 2016 / 2019
If the policy is pushed out via the default domain policy why arent all the connections showing 'signed: True'?
What am I missing?