Exploring the New Features of Windows 11 Insider Preview Build 25951: Enhanced Security and Control over SMB Protocols

Windows 11 Insider Preview Build 25951 is now available on the Canary Channel, introducing new features such as SMB NTLM Blocking and SMB Dialect Management. These features enhance security and control over SMB protocols. The build also includes UI adjustments and has known issues with some popular games.

Windows 11 Insider Preview Build 25951: What’s New?

Windows Insiders, we’re excited to announce the release of Windows 11 Insider Preview Build 25951 to the Canary Channel. This build introduces some significant updates, enhancing security and offering better control over SMB protocols.

SMB NTLM Blocking: Enhancing Security

Starting with this build, the SMB client now supports blocking NTLM for remote outbound connections. This is a major shift from the legacy behavior, where Windows SPNEGO would negotiate Kerberos, NTLM, and other mechanisms with the destination server.

“With this new option, an administrator can intentionally block Windows from offering NTLM via SMB. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass a password, as they will never be sent over the network.”

This new feature adds an extra layer of protection for enterprises without the need to completely disable NTLM usage in the OS. You can configure this option with Group Policy and PowerShell.

SMB Dialect Management: Greater Control

The SMB server now supports controlling which SMB 2 and 3 dialects it will negotiate. This is another departure from the legacy behavior, where Windows SMB always negotiated the highest matched server dialect.

“With this new option, an administrator can remove older SMB protocols from usage in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting.”

This option can be configured with Group Policy and PowerShell. Both SMB client and server now include complete management support.
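
The PowerShell route for both settings described above (NTLM blocking on the SMB client and dialect limits on the SMB server) is sketched below. This is an added example, not code from the original post. It assumes an elevated session, the `-BlockNTLM`, `-Smb2DialectMin` and `-Smb2DialectMax` parameters of the built-in SMB cmdlets, and an SMB 3.0 minimum chosen purely for illustration.

```powershell
# Added example (not from the original post). Run elevated on a build that
# ships these parameters. The SMB 3.0 floor is an assumed policy choice.
$dialectMin = 'SMB300'
$dialectMax = 'SMB311'

# Older builds lack the new parameters, so test for them before use.
$clientParams = (Get-Command Set-SmbClientConfiguration).Parameters
$serverParams = (Get-Command Set-SmbServerConfiguration).Parameters

# Record the current state so the change can be compared or reverted.
Get-SmbClientConfiguration | Format-List BlockNTLM, Smb2DialectMin, Smb2DialectMax
Get-SmbServerConfiguration | Format-List Smb2DialectMin, Smb2DialectMax

# Dialects in use by sessions to this server right now: anything below
# the planned floor will be refused once the minimum is raised.
Get-SmbSession | Group-Object Dialect | Sort-Object Name |
    Format-Table Name, Count -AutoSize

if ($clientParams.ContainsKey('BlockNTLM')) {
    # Client side: never offer NTLM on outbound SMB connections.
    # Targets that cannot complete Kerberos will fail to connect.
    Set-SmbClientConfiguration -BlockNTLM $true -Force
} else {
    Write-Warning 'This build has no -BlockNTLM parameter; skipping.'
}

if ($serverParams.ContainsKey('Smb2DialectMin')) {
    # Server side: negotiate only dialects inside the allowed range.
    Set-SmbServerConfiguration -Smb2DialectMin $dialectMin -Smb2DialectMax $dialectMax -Force
} else {
    Write-Warning 'This build has no dialect range parameters; skipping.'
}

# Confirm what took effect.
Get-SmbClientConfiguration | Format-List BlockNTLM
Get-SmbServerConfiguration | Format-List Smb2DialectMin, Smb2DialectMax
```

Review the `Get-SmbSession` dialect counts before raising the minimum, since clients limited to an older dialect lose access as soon as the range is applied.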

Changes and Improvements

There are also improvements to the Lock screen. The network flyout on the Lock screen has been adjusted to better match the UI of the network flyout from quick settings in the system tray on the taskbar.

However, please note that some popular games may not work correctly on the most recent Insider Preview builds in the Canary Channel. We encourage you to submit feedback on any issues you encounter while playing games.

Stay tuned for more updates and improvements in future builds.

  • The SMB client now supports blocking NTLM for remote outbound connections, enhancing security.
  • An administrator can block Windows from offering NTLM via SMB, preventing potential attacks.
  • The SMB server now supports controlling which SMB 2 and 3 dialects it will negotiate, allowing admins to remove older, less secure protocols.
  • UI adjustments have been made to the network flyout on the Lock screen to match the system tray on the taskbar.
  • Known issue: Some popular games may not work correctly on the most recent Insider Preview builds in the Canary Channel.
  • From the Windows Blog