이 페이지가 유용했습니까?
이 콘텐츠에 대한 여러분의 의견은 중요합니다. 의견을 알려주십시오.
추가 의견
1500자 남음
내보내기(0) 인쇄
모두 확장
EN
이 콘텐츠는 한국어로 제공되지 않아 영어 버전으로 표시됩니다.

Digitally sign client communications (always)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Description

Determines whether the computer will always digitally sign client communications.

The Windows 2000 Server Message Block (SMB) authentication protocol supports mutual authentication, which closes a "man-in-the-middle" attack, and supports message authentication, which prevents active message attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by both the client and the server.

In order to use SMB signing, you must either enable it or require it on both the SMB client and the SMB server. If SMB signing is enabled on a server, then clients that are also enabled for SMB signing will use the packet signing protocol during all subsequent sessions. If SMB signing is required on a server, then a client will not be able to establish a session unless it is at least enabled for SMB signing.

If this policy is enabled, it requires the Windows 2000 SMB client to perform SMB packet signing.

If this policy is disabled, it does not require the SMB client to sign packets.

This policy is defined by default in Local Computer Policy, where it is disabled by default.

Note Image Note

SMB signing will impose a performance penalty on your system. Although it doesn't consume any more network bandwidth, it does use more CPU cycles on the client and server side.

표시:
© 2015 Microsoft