Is there a way to find from my Windows 2012 Server if the client has established a signed communication ?
Net Session gives the basic details but does not say anything about signing.
C:\>net session \\a.b.c.d
User name Administrator
Computer a.b.c.d
Guest logon No
Client type
Sess time 00:08:02
Idle time 00:07:50
Share name Type # Opens
--------------------------------------
test Disk 0
The command completed successfully.
Is there any Powershell cmdlet or any administrative tool or command that would provide with such information ? Thanks in advance.
Edit 1:
I also tried the following. Get-SmbConnection should be executed on the client to find the Servers to which the client has establish connections.
PS C:\Users\Administrator> Get-SmbConnection | Select-Object -Property *
ContinuouslyAvailable : False
Credential : domain\administrator
Dialect : 3.00
Encrypted : False
NumOpens : 3
ServerName : server1
ShareName : test
UserName : SERVER1\Administrator
PSComputerName :
CimClass : ROOT/Microsoft/Windows/SMB:MSFT_SmbConnection
CimInstanceProperties : {ContinuouslyAvailable, Credential, Dialect, Encrypted...}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties
Best Answer
As of the time of this writing, the only way to really know this for sure is to watch the network connection as it's being negotiated through Wireshark or Network Monitor.
Right now, nothing exposes this data through an API, WMI class, etc.
The
Get-SMBConnection
Powershell cmdlet will get you this information in the future, but not today.The cmdlet is simply a wrapper around the
MSFT_SmbConnection
WMI class.Returns the exact same info. If you go read the MSDN documentation for that WMI class, you will see that the documentation lists a
Signed
property in addition to theEncrypted
property that you see today.The documentation then goes on to say:
Windows 10 preview is when it first shows up. So there you have it.