Microsoft SMB Signing feature

Document ID : KB000102068
Last Modified Date : 08/10/2018
Show Technical Document Details
I just got a notification from my company that my NFA servers need to have a feature enabled for Server Message Block Signing to always be on. Would it be a problem to turn this setting on on all NFA machines?

I simply go into gpedit.msc on the server:
Computer Configuration -Windows Settings - Security Settings - Local Policies - Security Options

Change to ENABLE "Microsoft Network Client: Digitally Sign communications (always)." 

Then restart the computer.
NFA installed on Windows 2012 R2.
Unlike RA, NFA doesn't connect to file shares.  There are no reported NFA issues caused by modifying this setting.