Setting up and securing an SMB file server
The first step in creating a file server is to install the necessary features to the server, then harden it. You use the Add-WindowsFeature
cmdlet to add the features necessary for a file server. You can then use the Set-SmbServerConfiguration
cmdlet to improve the configuration.
Since your file server can contain sensitive information, you must take reasonable steps to avoid some of the common attack mechanisms and adopt best security practices. Security is a good thing but, as always, be careful! By locking down your SMB file server too hard, you can lock some users out of the server. SMB 1.0 has a number of weaknesses and, in general, should be removed. But, if you disable SMB 1.0, you may find that older computers (for example, those running Windows XP) lose the ability to access shared data. Before you lock down any of the server configurations, be sure to test your changes carefully.
Getting ready
Run this recipe on FS1
, a new server in the...