DSCResources/DSC_SmbServerConfiguration/en-US/about_SmbServerConfiguration.help.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
.NAME
    SmbServerConfiguration
 
.DESCRIPTION
    The resource is used to manage SMB Server Settings.
 
    ## Requirements
 
    Windows Server 2012 or newer.
 
.PARAMETER IsSingleInstance
    Key - String
    Allowed values: Yes
    Specifies the resource is a single instance, the value must be 'Yes'
 
.PARAMETER AnnounceComment
    Write - String
    Specifies the announce comment string.
 
.PARAMETER AnnounceServer
    Write - Boolean
    Specifies whether this server announces itself by using browser announcements.
 
.PARAMETER AsynchronousCredits
    Write - UInt32
    Specifies the asynchronous credits.
 
.PARAMETER AuditSmb1Access
    Write - Boolean
    Enables auditing of SMB version 1 protocol in Windows Event Log.
 
.PARAMETER AutoDisconnectTimeout
    Write - UInt32
    Specifies the auto disconnect time-out.
 
.PARAMETER AutoShareServer
    Write - Boolean
    Specifies that the default server shares are shared out.
 
.PARAMETER AutoShareWorkstation
    Write - Boolean
    Specifies whether the default workstation shares are shared out.
 
.PARAMETER CachedOpenLimit
    Write - UInt32
    Specifies the maximum number of cached open files.
 
.PARAMETER DurableHandleV2TimeoutInSeconds
    Write - UInt32
    Specifies the durable handle v2 time-out period, in seconds.
 
.PARAMETER EnableAuthenticateUserSharing
    Write - Boolean
    Specifies whether authenticate user sharing is enabled.
 
.PARAMETER EnableDownlevelTimewarp
    Write - Boolean
    Specifies whether down-level timewarp support is disabled.
 
.PARAMETER EnableForcedLogoff
    Write - Boolean
    Specifies whether forced logoff is enabled.
 
.PARAMETER EnableLeasing
    Write - Boolean
    Specifies whether leasing is disabled.
 
.PARAMETER EnableMultiChannel
    Write - Boolean
    Specifies whether multi-channel is disabled.
 
.PARAMETER EnableOplocks
    Write - Boolean
    Specifies whether the opportunistic locks are enabled.
 
.PARAMETER EnableSMB1Protocol
    Write - Boolean
    Specifies whether the SMB1 protocol is enabled.
 
.PARAMETER EnableSMB2Protocol
    Write - Boolean
    Specifies whether the SMB2 protocol is enabled.
 
.PARAMETER EnableSecuritySignature
    Write - Boolean
    Specifies whether the security signature is enabled.
 
.PARAMETER EnableStrictNameChecking
    Write - Boolean
    Specifies whether the server should perform strict name checking on incoming connects.
 
.PARAMETER EncryptData
    Write - Boolean
    Specifies whether the sessions established on this server are encrypted.
 
.PARAMETER IrpStackSize
    Write - UInt32
    Specifies the default IRP stack size.
 
.PARAMETER KeepAliveTime
    Write - UInt32
    Specifies the keep alive time.
 
.PARAMETER MaxChannelPerSession
    Write - UInt32
    Specifies the maximum channels per session.
 
.PARAMETER MaxMpxCount
    Write - UInt32
    Specifies the maximum MPX count for SMB1.
 
.PARAMETER MaxSessionPerConnection
    Write - UInt32
    Specifies the maximum sessions per connection.
 
.PARAMETER MaxThreadsPerQueue
    Write - UInt32
    Specifies the maximum threads per queue.
 
.PARAMETER MaxWorkItems
    Write - UInt32
    Specifies the maximum SMB1 work items.
 
.PARAMETER NullSessionPipes
    Write - String
    Specifies the null session pipes.
 
.PARAMETER NullSessionShares
    Write - String
    Specifies the null session shares.
 
.PARAMETER OplockBreakWait
    Write - UInt32
    Specifies how long the create caller waits for an opportunistic lock break.
 
.PARAMETER PendingClientTimeoutInSeconds
    Write - UInt32
    Specifies the pending client time-out period, in seconds.
 
.PARAMETER RejectUnencryptedAccess
    Write - Boolean
    Specifies whether the client that does not support encryption is denied access if it attempts to connect to an encrypted share.
 
.PARAMETER RequireSecuritySignature
    Write - Boolean
    Specifies whether the security signature is required.
 
.PARAMETER ServerHidden
    Write - Boolean
    Specifies whether the server announces itself.
 
.PARAMETER Smb2CreditsMax
    Write - UInt32
    Specifies the maximum SMB2 credits.
 
.PARAMETER Smb2CreditsMin
    Write - UInt32
    Specifies the minimum SMB2 credits.
 
.PARAMETER SmbServerNameHardeningLevel
    Write - UInt32
    Specifies the SMB Service name hardening level.
 
.PARAMETER TreatHostAsStableStorage
    Write - Boolean
    Specifies whether the host is treated as the stable storage.
 
.PARAMETER ValidateAliasNotCircular
    Write - Boolean
    Specifies whether the aliases that are not circular are validated.
 
.PARAMETER ValidateShareScope
    Write - Boolean
    Specifies whether the existence of share scopes is checked during share creation.
 
.PARAMETER ValidateShareScopeNotAliased
    Write - Boolean
    Specifies whether the share scope being aliased is validated.
 
.PARAMETER ValidateTargetName
    Write - Boolean
    Specifies whether the target name is validated.
 
.EXAMPLE 1
 
This example configures all supported SMB Server settings for a node
to ensure they are set to known values.
 
Configuration SmbServerConfiguration_AllProperties_Config
{
    Import-DscResource -ModuleName ComputerManagementDsc
 
    Node localhost
    {
        SmbServerConfiguration SmbServer
        {
            IsSingleInstance = 'Yes'
            AnnounceComment = 'SMB server hello'
            AnnounceServer = $true
            AsynchronousCredits = 64
            AuditSmb1Access = $false
            AutoDisconnectTimeout = 15
            AutoShareServer = $true
            AutoShareWorkstation = $true
            CachedOpenLimit = 10
            DurableHandleV2TimeoutInSeconds = 180
            EnableAuthenticateUserSharing = $false
            EnableDownlevelTimewarp = $false
            EnableForcedLogoff = $true
            EnableLeasing = $true
            EnableMultiChannel = $true
            EnableOplocks = $true
            EnableSecuritySignature = $false
            EnableSMB1Protocol = $false
            EnableSMB2Protocol = $true
            EnableStrictNameChecking = $true
            EncryptData = $false
            IrpStackSize = 15
            KeepAliveTime = 2
            MaxChannelPerSession = 32
            MaxMpxCount = 50
            MaxSessionPerConnection = 16384
            MaxThreadsPerQueue = 20
            MaxWorkItems = 1
            NullSessionPipes = 'NullPipe'
            NullSessionShares = 'NullShare'
            OplockBreakWait = 35
            PendingClientTimeoutInSeconds = 120
            RejectUnencryptedAccess = $true
            RequireSecuritySignature = $false
            ServerHidden = $true
            Smb2CreditsMax = 2048
            Smb2CreditsMin = 128
            SmbServerNameHardeningLevel = 0
            TreatHostAsStableStorage = $false
            ValidateAliasNotCircular = $true
            ValidateShareScope = $true
            ValidateShareScopeNotAliased = $true
            ValidateTargetName = $true
        }
    }
}
 
.EXAMPLE 2
 
This example configures the SMB Server to disable SMB1.
 
Configuration SmbServerConfiguration_DisableSmb1_Config
{
    Import-DscResource -ModuleName ComputerManagementDsc
 
    Node localhost
    {
        SmbServerConfiguration SmbServer
        {
            IsSingleInstance = 'Yes'
            AuditSmb1Access = $false
            EnableSMB1Protocol = $false
        }
    }
}