Friday, December 8, 2023

Windows 11 Enhanced with Server Message Block Client Encryption Integration and DNR!



Microsoft is fortifying Windows 11 by introducing support for Network-designated Resolvers (DNR) and Server Message Block (SMB) client encryption mandates, paving the way for enhanced network interactions.

The Server Message Block (SMB)

Server Message Block (SMB) plays a pivotal role in network security in Windows 11. Earlier, in May, Microsoft made SMB signing a default in the Windows Enterprise version, and in June it shared some insights into the SMB authentication methodology. Its latest announcement adds support for Server Message Block (SMB) client encryption mandates along with Network-designated Resolvers (DNR) in Windows 11.

The recently released Windows 11 Canary build 25982 is the first to include the Server Message Block client encryption mandate. The purpose of SMB encryption is to protect data as it is exchanged over the network. Encryption made its debut with SMB 3.0 in Windows 8 and Windows Server 2012, and subsequent versions extended it with advanced cryptographic suites like AES-GCM and AES-256-GCM.

These upgrades allow IT administrators to configure client systems to require Server Message Block encryption from the target server. In scenarios where SMB 3.x isn't available or encryption hasn't been set up, the client device can decline the connection, bolstering overall network protection. Microsoft has also provided a comprehensive guide for IT professionals to set up this feature, either through Group Policy or PowerShell.

While this addition is noteworthy, Microsoft has highlighted the need to strike a balance between performance and compatibility. Users might opt for SMB signing alone, accepting a slight dip in security in exchange for a boost in performance. Activating SMB encryption, however, offers the strongest security, making it the prime choice, and it overrides the functions of SMB signing.

Another significant upgrade in Windows 11 Canary build 25982 is the DNR support. This is a progressive standard, proposed by the Internet Engineering Task Force (IETF), designed to simplify the discovery of encrypted DNS servers. Traditionally, client devices had to manually locate the IP of their desired encrypted DNS server. DNR streamlines this process, capitalizing on encrypted protocols such as DNS over HTTPS (DoH) and DNS over TLS (DoT).

The DNR system is intricate but efficient. When a device with DNR attempts to connect to a fresh network, it communicates with the DHCP server, requesting an IP address and other DNR-specific parameters. The DHCP server, already DNR-equipped, responds with the necessary details, including the encrypted DNS server’s IP, supported encrypted protocols, ports, and authentication credentials. This allows the client device to effortlessly connect to the encrypted DNS server, sidelining the need for manual configurations.
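The DHCP reply described above carries these values in the DNR option defined by RFC 9463 (DHCPv4 option 162): a service priority, the authentication domain name (ADN) the client validates the resolver against, the resolver addresses, and service parameters such as protocol and port. The parser below is an added example, not code from Microsoft's guide or from the original article; its function names, the sample bytes and the name `dns.example.net` are constructed for illustration.

```python
import ipaddress

SVC_KEYS = {1: "alpn", 3: "port", 7: "dohpath"}  # SVCB parameter keys
# Constructed sample (not captured traffic): one DoT resolver on port 853.
SAMPLE = (b"\x00\x27" b"\x00\x01" b"\x11\x03dns\x07example\x03net\x00"
          b"\x04\xc0\x00\x02\x35" b"\x00\x01\x00\x04\x03dot" b"\x00\x03\x00\x02\x03\x55")

def prefixed(buf):
    """Split length-prefixed strings (DNS labels, ALPN ids); stop at length 0."""
    items, i = [], 0
    while i < len(buf) and buf[i]:
        if i + 1 + buf[i] > len(buf):
            raise ValueError("truncated length-prefixed string")
        items.append(buf[i + 1:i + 1 + buf[i]].decode("ascii"))
        i += 1 + buf[i]
    return items

def svc_params(buf):
    """Decode SvcParams: repeated key(2) | length(2) | value(length)."""
    out, i = {}, 0
    while i < len(buf):
        key, n = (int.from_bytes(buf[i + o:i + o + 2], "big") for o in (0, 2))
        val, i = buf[i + 4:i + 4 + n], i + 4 + n
        if i > len(buf):
            raise ValueError("truncated SvcParam")
        name = SVC_KEYS.get(key, f"key{key}")   # values other than alpn/port stay raw
        out[name] = (prefixed(val) if name == "alpn" else
                     int.from_bytes(val, "big") if name == "port" else val)
    return out

def parse_dnr_option(data):
    """Parse the data field of DHCPv4 option 162 (OPTION_V4_DNR, RFC 9463)."""
    resolvers, i = [], 0
    while i < len(data):
        inst_len = int.from_bytes(data[i:i + 2], "big")
        inst, i = data[i + 2:i + 2 + inst_len], i + 2 + inst_len
        if len(inst) != inst_len or inst_len < 3 or 3 + inst[2] > inst_len:
            raise ValueError("truncated DNR instance")
        rest = inst[3 + inst[2]:]           # empty for ADN-only instances
        alen = rest[0] if rest else 0       # Addr Length, a multiple of 4
        if alen % 4 or alen + 1 > max(len(rest), 1):
            raise ValueError("bad Addr Length")
        resolvers.append({
            "priority": int.from_bytes(inst[:2], "big"),
            "adn": ".".join(prefixed(inst[3:3 + inst[2]])) + ".",
            "addresses": [str(ipaddress.IPv4Address(rest[k:k + 4]))
                          for k in range(1, 1 + alen, 4)],
            "params": svc_params(rest[1 + alen:])})
    return resolvers
```

Calling `parse_dnr_option(SAMPLE)` returns one resolver entry; a truncated or inconsistent option raises `ValueError` rather than yielding a partial resolver configuration.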

For those eager to harness the potential of DNR on Windows 11 Canary, Microsoft has provided a detailed guide. It’s worth noting, however, that DNR doesn’t support IPv6 RA Encrypted DNS presently. It’s also crucial to remember that these innovations – both Server Message Block (SMB) client encryption mandates and DNR support – are still undergoing trials in Insider Preview builds, and an official release date remains under wraps.

I am an IT Professional & Owner of I have been working in the IT industry for more than 15 years. Apart from work, I love to read books and share knowledge.
