Microsoft SMB Signing feature

Document ID : KB000102068
Last Modified Date : 08/10/2018
Show Technical Document Details
Question:
I just got a notification from my company that my NFA servers need to have a feature enabled for Server Message Block Signing to always be on. Would it be a problem to turn this setting on on all NFA machines?

I simply go into gpedit.msc on the server:
Computer Configuration -Windows Settings - Security Settings - Local Policies - Security Options

Change to ENABLE "Microsoft Network Client: Digitally Sign communications (always)." 

Then restart the computer.
Environment:
NFA installed on Windows 2012 R2.
Answer:
Unlike RA, NFA doesn't connect to file shares.  There are no reported NFA issues caused by modifying this setting.