20 KiB
title, description, ms.date, ms.topic
| title | description | ms.date | ms.topic |
|---|---|---|---|
| LanmanServer Policy CSP | Learn more about the LanmanServer Area in Policy CSP. | 04/21/2025 | generated-reference |
Policy CSP - LanmanServer
[!INCLUDE Windows Insider tip]
AuditClientDoesNotSupportEncryption
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/AuditClientDoesNotSupportEncryption
This policy controls whether the SMB server will log the event when the SMB client doesn't support encryption.
-
If you enable this policy setting, the SMB server will log the event when the SMB client doesn't support encryption.
-
If you disable or don't configure this policy setting, the SMB server won't log the event.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_AuditClientDoesNotSupportEncryption |
| Friendly Name | Audit client does not support encryption |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| Registry Value Name | AuditClientDoesNotSupportEncryption |
| ADMX File Name | LanmanServer.admx |
AuditClientDoesNotSupportSigning
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/AuditClientDoesNotSupportSigning
This policy controls whether the SMB server will log the event when the SMB client doesn't support signing.
If you enable this policy setting, the SMB server will log the event when the SMB client doesn't support signing.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_AuditClientDoesNotSupportSigning |
| Friendly Name | Audit client does not support signing |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| Registry Value Name | AuditClientDoesNotSupportSigning |
| ADMX File Name | LanmanServer.admx |
AuditInsecureGuestLogon
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/AuditInsecureGuestLogon
This policy controls whether the SMB server will enable the audit event when the client is logged-on as guest account.
-
If you enable this policy setting, the SMB server will log the event when the client is logged-on as guest account.
-
If you disable or don't configure this policy setting, the SMB server won't log the event.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_AuditInsecureGuestLogon |
| Friendly Name | Audit insecure guest logon |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| Registry Value Name | AuditInsecureGuestLogon |
| ADMX File Name | LanmanServer.admx |
AuthRateLimiterDelayInMs
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/AuthRateLimiterDelayInMs
This policy controls whether the SMB server will use a default value in milliseconds for the invalid authentication delay.
-
If you configure this policy setting, the authentication rate limiter will use the specified value for delaying invalid authentication attempts.
-
If you don't configure this policy setting, the authentication rate limiter will use the default value or the value from local registry under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: [0-10000] |
| Default Value | 2000 |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_AuthRateLimiterDelayInMs |
| Friendly Name | Set authentication rate limiter delay (milliseconds) |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| ADMX File Name | LanmanServer.admx |
EnableAuthRateLimiter
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/EnableAuthRateLimiter
This policy controls whether the SMB server will enable or disable the authentication rate limiter.
-
If you disable this policy setting, the authentication rate limiter won't be enabled.
-
If you don't configure this policy setting, the authentication rate limiter may still be working depending on the delay settings (the recommended delay value is 2000ms).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Allowed values:
| Value | Description |
|---|---|
| 0 | Disabled. |
| 1 (Default) | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_EnableAuthRateLimiter |
| Friendly Name | Enable authentication rate limiter |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| Registry Value Name | EnableAuthRateLimiter |
| ADMX File Name | LanmanServer.admx |
EnableMailslots
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/EnableMailslots
This policy controls whether the SMB server will enable or disable remote mailslots over the computer browser service.
-
If you disable this policy setting, the computer browser service will no longer run as expected.
-
If you don't configure this policy setting, the computer browser may still be working with remote mailslots enabled.
Note
This policy requires a Windows reboot to take effect.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_EnableMailslots |
| Friendly Name | Enable remote mailslots |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\Bowser |
| Registry Value Name | EnableMailslots |
| ADMX File Name | LanmanServer.admx |
MaxSmb2Dialect
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/MaxSmb2Dialect
This policy controls the maximum version of SMB protocol.
Note
This group policy doesn't prevent use of SMB 1 if that component is still installed and enabled.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 785 |
Allowed values:
| Value | Description |
|---|---|
| 514 | SMB 2.0.2. |
| 528 | SMB 2.1.0. |
| 768 | SMB 3.0.0. |
| 770 | SMB 3.0.2. |
| 785 (Default) | SMB 3.1.1. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_MaxSmb2Dialect |
| Friendly Name | Mandate the maximum version of SMB |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| ADMX File Name | LanmanServer.admx |
MinSmb2Dialect
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100.3613] and later ✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/LanmanServer/MinSmb2Dialect
This policy controls the minimum version of SMB protocol.
Note
This group policy doesn't prevent use of SMB 1 if that component is still installed and enabled.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 514 |
Allowed values:
| Value | Description |
|---|---|
| 514 (Default) | SMB 2.0.2. |
| 528 | SMB 2.1.0. |
| 768 | SMB 3.0.0. |
| 770 | SMB 3.0.2. |
| 785 | SMB 3.1.1. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | Pol_MinSmb2Dialect |
| Friendly Name | Mandate the minimum version of SMB |
| Location | Computer Configuration |
| Path | Network > Lanman Server |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanServer |
| ADMX File Name | LanmanServer.admx |