From 4b89e17eb5a067074013787fd705fb7b98080c50 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Thu, 18 Apr 2024 01:43:57 -0700
Subject: [PATCH] Enforce SMB encryption

Signed-off-by: Tommy <contact@tommytran.io>
---
 .../Default Domain Policy/Security Options.md                 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Group Policies Objects/Default Domain Policy/Security Options.md b/Group Policies Objects/Default Domain Policy/Security Options.md
index a606c73..f7946ee 100644
--- a/Group Policies Objects/Default Domain Policy/Security Options.md	
+++ b/Group Policies Objects/Default Domain Policy/Security Options.md	
@@ -6,7 +6,9 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-se
 
 - Domain controller: LDAP server signing requirements: Require signing (**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**)
 - Domain controller: LDAP server channel binding token requirements: Always
-- Microsoft network client: Digitally sign communications: Always
+- Domain member: Digitally encrypt or sign secure channel data (always) -> Enabled
+- Microsoft network client: Digitally sign communications (always) -> Enabled
+- Microsoft network server: Digitally sign communications (always) -> Enabled
 - Network security: LDAP client signing requirements: Require signing
 - Shutdown: Clear virtual memory pagefile -> Enabled
 - User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop -> Disabled