All versions of Centrify DirectControlQuestion:
, there is a suggestion to turn off SMB2.
What is the main difference between SMB and SMB2, are there any side effects of switching off SMB2?Answer:
The main difference is SMB2 (and now SMB3) is a more secure form of SMB. It is required for secure channel communications.
The DirectControl agent (adclient
) uses it to download Group Policy and uses NTLM authentication.
The side effect of turning off SMB2 is that adclient
will revert back to use SMB and as a result will disable support for SMB signing.
If the Domain Controller is configured to require SMB signing, group policy updates and NTLM authentication will fail.