Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Set-SmbServerConfiguration
- Module:
- SmbShare Module
Sets the Server Message Block (SMB) server configuration.
Syntax
Default (Default)
Set-SmbServerConfiguration
[-AnnounceComment <String>]
[-AnnounceServer <Boolean>]
[-AsynchronousCredits <UInt32>]
[-AuditClientCertificateAccess <Boolean>]
[-AuditClientDoesNotSupportEncryption <Boolean>]
[-AuditClientDoesNotSupportSigning <Boolean>]
[-AuditInsecureGuestLogon <Boolean>]
[-AuditSmb1Access <Boolean>]
[-AutoDisconnectTimeoutInMinutesV1 <UInt32>]
[-AutoDisconnectTimeoutInSecondsV2 <UInt32>]
[-AutoShareServer <Boolean>]
[-AutoShareWorkstation <Boolean>]
[-CachedOpenLimit <UInt32>]
[-EnableDirectoryHandleLeasing <Boolean>]
[-DisableCompression <Boolean>]
[-DisableSmbEncryptionOnSecureConnection <Boolean>]
[-DurableHandleV2TimeoutInSeconds <UInt32>]
[-EnableAuthenticateUserSharing <Boolean>]
[-EnableDownlevelTimewarp <Boolean>]
[-EnableForcedLogoff <Boolean>]
[-EnableLeasing <Boolean>]
[-EnableMailslots <Boolean>]
[-EnableMultiChannel <Boolean>]
[-EnableOplocks <Boolean>]
[-EnableSecuritySignature <Boolean>]
[-EnableSMB1Protocol <Boolean>]
[-EnableSMB2Protocol <Boolean>]
[-EnableSMBQUIC <Boolean>]
[-EnableStrictNameChecking <Boolean>]
[-EncryptData <Boolean>]
[-EncryptionCiphers <String>]
[-InvalidAuthenticationDelayTimeInMs <UInt32>]
[-IrpStackSize <UInt32>]
[-KeepAliveTime <UInt32>]
[-MaxChannelPerSession <UInt32>]
[-MaxMpxCount <UInt32>]
[-MaxSessionPerConnection <UInt32>]
[-MaxThreadsPerQueue <UInt32>]
[-MaxWorkItems <UInt32>]
[-NullSessionPipes <String>]
[-NullSessionShares <String>]
[-OplockBreakWait <UInt32>]
[-PendingClientTimeoutInSeconds <UInt32>]
[-RejectUnencryptedAccess <Boolean>]
[-RequestCompression <Boolean>]
[-RequireSecuritySignature <Boolean>]
[-RestrictNamedpipeAccessViaQuic <Boolean>]
[-ServerHidden <Boolean>]
[-Smb2CreditsMax <UInt32>]
[-Smb2CreditsMin <UInt32>]
[-Smb2DialectMax <Smb2DialectMax>]
[-Smb2DialectMin <Smb2DialectMin>]
[-SmbServerNameHardeningLevel <UInt32>]
[-TreatHostAsStableStorage <Boolean>]
[-ValidateAliasNotCircular <Boolean>]
[-ValidateShareScope <Boolean>]
[-ValidateShareScopeNotAliased <Boolean>]
[-ValidateTargetName <Boolean>]
[-Force]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-SmbServerConfiguration cmdlet sets the Server Message Block (SMB) Service configuration.
For more information on SMB server and protocol specifications, see
Overview of file sharing using the SMB 3 protocol in Windows Server
and [MS-SMB2]:Server Message Block (SMB) Protocol Versions 2 and
3.
Examples
Example 1: Set the SMB Service configuration
Set-SmbServerConfiguration -MaxChannelPerSession 16 -Confirm:$false
This command sets the SMB Service configuration without user confirmation.
Example 2: Turn on SMB signing and encryption
$Parameters = @{
RequireSecuritySignature = $true
EnableSecuritySignature = $true
EncryptData = $true
Confirm = $false
}
Set-SmbServerConfiguration @Parameters
This command turns on SMB signing and encryption without user confirmation. This example uses
splatting to pass parameter values from the $Parameters variable to the command. Learn more about
Splatting.
Example 3: Turn off the default server and workstations shares
Set-SmbServerConfiguration -AutoShareServer $false -AutoShareWorkstation $false -Confirm:$false
This command turns off the default server and workstations shares without user confirmation.
Example 4: Turn off server announcements
Set-SmbServerConfiguration -ServerHidden $false -AnnounceServer $false -Confirm:$false
This command turns off server announcements without user confirmation.
Example 5: Turn off SMB1
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false
This command disables SMB1 on the SMB server without user confirmation.
Example 6: Specify encryption ciphers
Set-SmbServerConfiguration -EncryptionCiphers "AES_128_GCM, AES_256_GCM" -Confirm:$false
This command specifies the encryption ciphers used by the SMB client, and the preferred order without user confirmation.
Parameters
-AnnounceComment
Specifies the announce comment string.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AnnounceServer
Indicates that this server announces itself by using browser announcements.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AsJob
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AsynchronousCredits
Specifies the asynchronous credits.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AuditClientCertificateAccess
Enables SMB over QUIC client access control audit events. There are three possible events: access allowed, access denied, and error. The access allowed and access denied events list properties of the client certificate chain and any allow and deny access control entries that apply to the client certificates.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AuditClientDoesNotSupportEncryption
Enables auditing of SMB clients that don't support encryption. Clients that connect and don't list SMB encryption in their supported capabilities will be recorded in the Windows event log.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AuditClientDoesNotSupportSigning
Enables auditing of the clients attempts to connect without signing to the server. The server logs an audit event when a client attempts to connect to the server without using message signing.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AuditInsecureGuestLogon
Specifies whether to audit insecure guest logon attempts. When enabled insecure guest logons will appear in Windows Event Viewer.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AuditSmb1Access
Enables the auditing of SMB version 1 protocol behavior.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AutoDisconnectTimeoutInMinutesV1
Specifies the v1 auto disconnect time-out period, in minutes.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AutoDisconnectTimeoutInSecondsV2
Specifies the v2 auto disconnect time-out period, in seconds.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AutoShareServer
Indicates that the default server shares are shared out.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AutoShareWorkstation
Indicates whether the default workstation shares are shared out.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CachedOpenLimit
Specifies the maximum number of cached open files.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CimSession
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Parameter properties
| Type: | CimSession[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Session |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-DisableCompression
Indicates that the SMB server should never compress files even if client or application requested it.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DisableSmbEncryptionOnSecureConnection
Specifies that SMB encryption will also be used if configured on the SMB server. By default, QUIC
encryption only is used in order to avoid double encryption affecting performance unnecessarily. If
a client requires SMB encryption using
Set-SmbClientConfiguration -ForceSMBEncryptionOverQuic $true then the
DisableSmbEncryptionOnSecureConnection value is ignored and SMB encryption occurs.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DurableHandleV2TimeoutInSeconds
Specifies the durable handle v2 time-out period, in seconds.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableAuthenticateUserSharing
Indicates whether authenticate user sharing is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableDirectoryHandleLeasing
Enables directory handle leasing on the server. When directory handle leasing is enabled, the server can cache directory handles for a longer period of time, which can improve performance for certain workloads. This can be particularly useful in scenarios where there are a large number of directory operations being performed on the server.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableDownlevelTimewarp
Indicates whether down-level timewarp support is disabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableForcedLogoff
Indicates whether forced logoff is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableLeasing
Indicates whether leasing is disabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableMailslots
Specifies whether to enable mailslots. If this parameter is specified, mailslots will be enabled. Beginning with Windows Server 2025 and Windows 11 Insider Preview Build 25314, remote mailslots are disabled by default.
To learn more about remote mailslot deprecation, see Features removed or no longer developed starting with Windows Server 2025.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableMultiChannel
Indicates whether multi-channel is disabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableOplocks
Indicates whether the opportunistic locks are enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableSecuritySignature
Indicates whether the security signature is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableSMB1Protocol
Indicates whether the SMB1 protocol is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableSMB2Protocol
Indicates whether the SMB2 protocol is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableSMBQUIC
Indicates whether the SMB over QUIC protocol is enabled.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EnableStrictNameChecking
Indicates whether the server should perform strict name checking on incoming connects.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EncryptData
Indicates whether the sessions established on this server are encrypted.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-EncryptionCiphers
Specifies the encryption ciphers used by the SMB server and the preferred order.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Force
Forces the command to run without asking for user confirmation.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InvalidAuthenticationDelayTimeInMs
Specifies the length of time in milliseconds that the server should delay before responding to an authentication request that has been deemed invalid, such as an incorrect user name or password.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IrpStackSize
Specifies the default IRP stack size.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-KeepAliveTime
Specifies the keep alive time.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MaxChannelPerSession
Specifies the maximum channels per session.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MaxMpxCount
Specifies the maximum MPX count for SMB1.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MaxSessionPerConnection
Specifies the maximum sessions per connection.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MaxThreadsPerQueue
Specifies the maximum threads per queue.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-MaxWorkItems
Specifies the maximum SMB1 work items.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-NullSessionPipes
Specifies the null session pipes.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-NullSessionShares
Specifies the null session shares.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-OplockBreakWait
Specifies how long the create caller waits for an opportunistic lock break.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PendingClientTimeoutInSeconds
Specifies the pending client time-out period, in seconds.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RejectUnencryptedAccess
Indicates whether the client that doesn't support encryption is denied access if it attempts to connect to an encrypted share.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RequestCompression
Indicates if SMB server should always request compression even if client or application didn't specify it.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RequireSecuritySignature
Indicates whether the security signature is required.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-RestrictNamedpipeAccessViaQuic
Specifies that named pipes are allowed when using SMB over QUIC. A value of $true prevents use of
named pipes and is the default.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ServerHidden
Indicates whether the server announces itself.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Smb2CreditsMax
Specifies the maximum SMB2 credits.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Smb2CreditsMin
Specifies the minimum SMB2 credits.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Smb2DialectMax
This parameter specifies the maximum version of the SMB protocol to be used. Acceptable values are:
- None – There is no maximum protocol version specified, the server can use any supported version.
- SMB202 – SMB 2.0.2 is the maximum version accepted by the SMB Server
- SMB210 - SMB 2.1.0 is the maximum version accepted by the SMB Server
- SMB300 - SMB 3.0.0 is the maximum version accepted by the SMB Server
- SMB302 - SMB 3.0.2 is the maximum version accepted by the SMB Server
- SMB311 - SMB 3.1.1 is the maximum version accepted by the SMB Server
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Accepted values: | None, SMB202, SMB210, SMB300, SMB302, SMB311 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Smb2DialectMin
This parameter specifies the minimum version of the SMB protocol to be used. Acceptable values are:
- None – There is no minimum protocol version specified, the server can use any supported version.
- SMB202 – SMB 2.0.2 is the minimum version accepted by the SMB Server
- SMB210 - SMB 2.1.0 is the minimum version accepted by the SMB Server
- SMB300 - SMB 3.0.0 is the minimum version accepted by the SMB Server
- SMB302 - SMB 3.0.2 is the minimum version accepted by the SMB Server
- SMB311 - SMB 3.1.1 is the minimum version accepted by the SMB Server
Parameter properties
| Type: | Smb2DialectMin |
| Default value: | None |
| Accepted values: | None, SMB202, SMB210, SMB300, SMB302, SMB311 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SmbServerNameHardeningLevel
Controls the level of validation that a server performs on the service principal name (SPN) that is provided by the client device when the client establishes a session using Server Message Block (SMB). The acceptable values are:
0: Don't enforce SPN check.1: Allow clients who didn't provide the target, but fail those who do provide the target and it doesn't match.2: Only allow clients who supply matching targets.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Accepted values: | 0, 1, 2 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ThrottleLimit
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If
this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an
optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
computer.
The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TreatHostAsStableStorage
Indicates whether the host is treated as the stable storage.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ValidateAliasNotCircular
Indicates whether the aliases that aren't circular are validated.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ValidateShareScope
Indicates that the existence of share scopes is checked during share creation.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ValidateShareScopeNotAliased
Indicates whether the share scope being aliased is validated.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ValidateTargetName
Indicates whether the target name is validated.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet isn't run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
Object
Related Links
Feedback
Was this page helpful?