????
Your IP : 216.73.216.136
<?xml version="1.0" encoding="utf-8"?>
<!-- (c) 2006 Microsoft Corporation -->
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
<displayName>enter display name here</displayName>
<description>enter description here</description>
<resources>
<stringTable>
<string id="Cat_LanmanWorkstation">Lanman Workstation</string>
<string id="Pol_CipherSuiteOrder_Name">Cipher suite order</string>
<string id="Pol_CipherSuiteOrder_Help">This policy setting determines the cipher suites used by the SMB client.
If you enable this policy setting, cipher suites are prioritized in the order specified.
If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.
SMB 3.11 cipher suites:
AES_128_GCM
AES_128_CCM
AES_256_GCM
AES_256_CCM
SMB 3.0 and 3.02 cipher suites:
AES_128_CCM
How to modify this setting:
Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use.
Note: When configuring this security setting, changes will not take effect until you restart Windows.</string>
<string id="Pol_EnableInsecureGuestLogons_Name">Enable insecure guest logons</string>
<string id="Pol_EnableInsecureGuestLogons_Help">This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
If you disable this policy setting, the SMB client will reject insecure guest logons.
Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access."
</string>
<string id="Pol_EnableCSCforCAShares_Name">Offline Files Availability on Continuous Availability Shares</string>
<string id="Pol_EnableCSCforCAShares_Help">
This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the "Always Available offline" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible.
If you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares.
Note: Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.
</string>
<string id="Pol_EnableHandleCachingForCAFiles_Name">Handle Caching on Continuous Availability Shares</string>
<string id="Pol_EnableHandleCachingForCAFiles_Help">
This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.
If you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares.
Note: This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.
</string>
<string id="SUPPORTED_Windows_Server_2022_Windows_11_0">At least Windows Server 2022, Windows 11</string>
<string id="Pol_EnableCompressedTraffic_Name">Use SMB compression by default</string>
<string id="Pol_EnableCompressedTraffic_Help">This policy controls whether the SMB client uses traffic compression by default.
If you enable this policy setting, the SMB client will attempt to compress traffic by default when SMB compression is enabled.
If you disable or do not configure this policy setting, the SMB client will not by default attempt to compress traffic. However traffic compression may be requested by other means. See notes below.
Note: This policy is combined with per-share and per-file handle properties, through which traffic compression may be requested. As well, the SMB server must support and enable compression. For example, should this policy be disabled (or not configured), the SMB client may still perform compression if an SMB server share has compression requested. If this is undesired, and one wishes to completely disable compression, configure the accompanying 'Disable SMB compression' policy instead.
</string>
<string id="Pol_DisableCompression_Name">Disable SMB compression</string>
<string id="Pol_DisableCompression_Help">This policy controls whether the SMB client will disable (completely prevent) traffic compression.
If you enable this policy setting, the SMB client will never compress data, irrespective of other policies (such as the 'Use SMB compression by default' policy or per-share property).
If you disable or do not configure this policy setting, the SMB client may compress traffic (depending on a combination of other policies and conditions).
</string>
</stringTable>
<presentationTable>
<presentation id="Pol_CipherSuiteOrder">
<text>Cipher suites:</text>
<multiTextBox refId="MultiText_CipherSuiteOrder"/>
</presentation>
</presentationTable>
</resources>
</policyDefinitionResources>