Policy
Require Encryption
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows11, WindowsServer2022
This policy controls whether the SMB client will require encryption. If you enable this policy setting, the SMB client will require the SMB server to support encryption and encrypt the data. If you disable or do not configure this policy setting, the SMB client will not require encryption. However, SMB encryption may still be required; see notes below. Note: This policy is combined with per-share, per-server, and per mapped drive connection properties, through which SMB encryption may be required. The SMB server must support and enable SMB encryption. For example, should this policy be disabled (or not configured), the SMB client may still perform encryption if an SMB server share has required encryption. Important: SMB encryption requires SMB 3.0 or later
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| Computer | Path Software\Policies\Microsoft\Windows\LanmanWorkstation Value name RequireEncryption | REG_DWORD | HKLM 1 | HKLM 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.