Audit SMB client SPN support

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy controls whether the SMB server audits the Service Principal Name (SPN) provided by SMB clients during authentication. If you enable this policy setting, the SMB server will log an event whenever an SMB client doesn't send SPN or sends an invalid SPN during authentication. This audit data can help identify clients that may be incompatible with SPN validation before enforcement is enabled on SMB server. If you disable or do not configure this policy setting, the SMB server will not log the event.

This policy has no additional user input fields.

• Computer
  Audit client does not support encryption

  At least Windows Server 2025, Windows 11
• Computer
  Audit client does not support signing

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Audit insecure guest logon

  At least Windows Server 2025, Windows 11
• Computer
  Cipher suite order

  At least Windows Server 2016, Windows 10
• Computer
  Disable SMB compression

  At least Windows Server 2022, Windows 11
• Computer
  Enable authentication rate limiter

  At least Windows Server 2025, Windows 11
• Computer
  Enable remote mailslots

  At least Windows Server 2025, Windows 11
• Computer
  Enable SMB over QUIC

  At least Windows Server 2025, Windows 11
• Computer
  Hash Publication for BranchCache

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Hash Version support for BranchCache

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Honor cipher suite order

  At least Windows Server 2016, Windows 10
• Computer
  Mandate the maximum version of SMB

  At least Windows Server 2022, Windows 11