How to determine if a SMB Client has established a Signed SMB communication from my Windows Server 2012?

Solution 1

As of the time of this writing, the only way to really know this for sure is to watch the network connection as it's being negotiated through Wireshark or Network Monitor.

Right now, nothing exposes this data through an API, WMI class, etc.

The Get-SMBConnection PowerShell cmdlet will get you this information in the future, but not today.

The cmdlet is simply a wrapper around the MSFT_SmbConnection WMI class.

Get-WmiObject -Namespace 'Root\Microsoft\Windows\SMB' MSFT_SmbConnection

Returns the exact same info. If you go read the MSDN documentation for that WMI class, you will see that the documentation lists a Signed property in addition to the Encrypted property that you see today.

class MSFT_SmbConnection
{
  string  ServerName;
  string  ShareName;
  string  UserName;
  uint32  SmbInstance;
  string  Credential;
  uint64  NumOpens;
  string  Dialect;
  boolean ContinuouslyAvailable;
  boolean Encrypted;
  boolean EnableLoadBalanceScaleOut;
  boolean Signed;  // ^_^ *trollface*
};

The documentation then goes on to say:

Signed

Data type: Boolean

Access type: Read-only

TBD. (To be determined)

Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8: This property is not supported before Windows Server Technical Preview and Windows 10 Technical Preview.

Windows 10 preview is when it first shows up. So there you have it.

Solution 2

For the benefit of Google, I was also struggling with discovering if my SMB Signing was actually working or not. I swear Get-SmbConnection wasn't returning the 'Signed' property yesterday, but today when I run (on my Windows 10 1903 x64 machine, PSVersion 5.1.18362.145):

PS C:\WINDOWS\system32> Get-SmbConnection | fl *
SmbInstance           : Default
ContinuouslyAvailable : False
Credential            : DOMAIN\user
Dialect               : 3.0.2
Encrypted             : False
NumOpens              : 1
Redirected            : False
ServerName            : server.domain
ShareName             : share
Signed                : False
UserName              : DOMAIN\user
PSComputerName        :
CimClass              : ROOT/Microsoft/Windows/SMB:MSFT_SmbConnection
CimInstanceProperties : {ContinuouslyAvailable, Credential, Dialect, Encrypted...}
CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties

'Signed' is a property returned, and shows True or False.

However, my Server 2012 R2 (PSVersion 5.1.14409.1018) currently does not. A colleague on Windows 10 1809 (PSVersion 5.1.17763.592) also has it.
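The two answers above describe builds where `Signed` is present and builds where it is not. The following is an added example, not code from either answer, that classifies each client-side connection and reports explicitly when the OS does not expose the property; the function name `Get-SmbSigningState` and the `Protection` labels are hypothetical, and the sample rows are constructed from the outputs shown on this page.

```powershell
# Added example. Get-SmbSigningState and its Protection labels are hypothetical names.
# Live use needs an elevated session, otherwise the CIM query is denied.
function Get-SmbSigningState {
    param(
        # Connection objects to classify; defaults to the live MSFT_SmbConnection instances.
        [object[]]$Connection = (Get-CimInstance -Namespace 'root/Microsoft/Windows/SMB' -ClassName MSFT_SmbConnection)
    )
    foreach ($c in $Connection) {
        # On older builds the Signed property is missing (or empty), so look it up
        # by name instead of assuming it exists.
        $signed = $c.PSObject.Properties['Signed']
        $protection = if ($c.Encrypted) {
            # SMB 3.x encryption is authenticated encryption, so the traffic is
            # integrity-protected whatever the Signed value says.
            'Encrypted'
        } elseif ($null -eq $signed -or $null -eq $signed.Value) {
            # The OS does not report signing state: verify with a packet capture.
            'NotReported'
        } elseif ($signed.Value) {
            'Signed'
        } else {
            'Unsigned'
        }
        [pscustomobject]@{
            ServerName = $c.ServerName
            ShareName  = $c.ShareName
            Dialect    = $c.Dialect
            Protection = $protection
        }
    }
}

# Constructed sample rows shaped like the outputs on this page (not live data):
# one with the Signed property (Windows 10 1903), one without it (Server 2012).
$sample = @(
    [pscustomobject]@{ ServerName = 'server.domain'; ShareName = 'share'; Dialect = '3.0.2'; Encrypted = $false; Signed = $false }
    [pscustomobject]@{ ServerName = 'server1'; ShareName = 'test'; Dialect = '3.00'; Encrypted = $false }
)
Get-SmbSigningState -Connection $sample | Format-Table -AutoSize

# On a live client, run elevated and omit -Connection:
#   Get-SmbSigningState | Where-Object Protection -in 'Unsigned', 'NotReported'
```

With the sample rows, the first connection is classified `Unsigned` and the second `NotReported`.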

Author by

pragadheesh

Updated on September 18, 2022

Comments

  • pragadheesh
    pragadheesh almost 2 years

    Is there a way to find from my Windows 2012 Server if the client has established a signed communication?

    Net Session gives the basic details but does not say anything about signing.

    C:\>net session \\a.b.c.d
    User name       Administrator
    Computer        a.b.c.d
    Guest logon     No
    Client type
    Sess time       00:08:02
    Idle time       00:07:50
    
    Share name     Type     # Opens
    
    --------------------------------------
    test           Disk     0
    The command completed successfully.
    

    Is there any PowerShell cmdlet or any administrative tool or command that would provide such information? Thanks in advance.

    Edit 1: I also tried the following. Get-SmbConnection should be executed on the client to find the servers to which the client has established connections.

    PS C:\Users\Administrator> Get-SmbConnection | Select-Object -Property *
    ContinuouslyAvailable : False
    Credential            : domain\administrator
    Dialect               : 3.00
    Encrypted             : False
    NumOpens              : 3
    ServerName            : server1
    ShareName             : test
    UserName              : SERVER1\Administrator
    PSComputerName        :
    CimClass              : ROOT/Microsoft/Windows/SMB:MSFT_SmbConnection
    CimInstanceProperties : {ContinuouslyAvailable, Credential, Dialect, Encrypted...}
    CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties
    
    • krisFR
      krisFR about 9 years
      Not tested myself so I am not sure, but you could give the Get-SmbConnection PowerShell cmdlet a try.
    • pragadheesh
      pragadheesh about 9 years
      @krisFR. I did try Get-SmbConnection and it does not provide such information.
  • ron
    ron almost 3 years
    This works for me on Windows 10; you must open PowerShell in Win10 with Run as administrator for the Get-SmbConnection command to work, otherwise you will get access denied.
  • ron
    ron almost 3 years
    As of 2021 on Windows 10, this Get-SmbConnection | fl * in PowerShell (run as administrator) works; I can get Encrypted=True, however I am not able to get Signed=True, on RHEL 7.9 with Samba 4.10; unix.stackexchange.com/questions/668955/…
  • TheManInOz
    TheManInOz almost 3 years
    Strange. On my Windows 10 Pro 21H1 x64 19043.1165, I do get it. Granted all my current connections are to Windows SMB v3.0.2.