Cipher suite order

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting determines the cipher suites used by the SMB client. If you enable this policy setting, cipher suites are prioritized in the order specified. If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: AES_128_GCM AES_128_CCM AES_256_GCM AES_256_CCM SMB 3.0 and 3.02 cipher suites: AES_128_CCM How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. Note: When configuring this security setting, changes will not take effect until you restart Windows.

No explicit registry values are set for enabled or disabled states.

• Computer
  Alternative Port Mappings

  At least Windows Server 2025, Windows 11
• Computer
  Audit insecure guest logon

  At least Windows Server 2025, Windows 11
• Computer
  Audit server does not support encryption

  At least Windows Server 2025, Windows 11
• Computer
  Audit server does not support signing

  At least Windows Server 2025, Windows 11
• Computer
  Block NTLM (LM, NTLM, NTLMv2)

  At least Windows Server 2025, Windows 11
• Computer
  Block NTLM Server Exception List

  At least Windows Server 2025, Windows 11
• Computer
  Disable SMB compression

  At least Windows Server 2022, Windows 11
• Computer
  Disabled SMB over QUIC Server Exception List

  At least Windows Server 2025, Windows 11
• Computer
  Enable Alternative Ports

  At least Windows Server 2025, Windows 11
• Computer
  Enable insecure guest logons

  At least Windows Server 2016, Windows 10
• Computer
  Enable remote mailslots

  At least Windows Server 2025, Windows 11
• Computer
  Enable SMB over QUIC

  At least Windows Server 2025, Windows 11