When attempting to create a new item on a Windows network share, you might encounter a security-related error that prevents the connection:

“New-Item: You can’t access this shared folder because your computer is configured to require SMB signing. These policies help protect your PC from unsafe or malicious devices on the network.”

This error indicates a security policy mismatch between your client machine and the server hosting the share. It’s not a permissions issue, but rather a conflict in how the two machines handle the integrity of SMB (Server Message Block) traffic.

This guide explains what SMB signing is and how to resolve this error.

Understanding the Root Cause: SMB Signing Mismatch

SMB signing is a security feature in the SMB protocol that helps verify the authenticity and integrity of SMB packets. It prevents “man-in-the-middle” attacks where an attacker could intercept and alter SMB traffic.

The error occurs when:

  • Your client machine is configured to require SMB signing for all connections.
  • The server you are trying to connect to does not support or enforce SMB signing.

Because the client’s security policy cannot be met, it refuses to establish the connection, resulting in the error message. This happens before authentication, so even if you have the correct permissions, the connection will fail.

The Solution: Aligning SMB Signing Policies

You have two main options to resolve this issue:

  1. Disable the SMB signing requirement on the client (Recommended for trusted networks). This is the quickest and most common fix, especially for internal or lab environments.
  2. Enable and require SMB signing on the server (More secure). This is the better option for production environments, but it requires administrative access to the server.

Option 1: Disable SMB Signing Requirement on the Client (Quick Fix)

You can disable the client-side requirement for SMB signing by modifying the Windows Registry.

Using a .reg File (Easiest Method)

  1. Copy the following text into a new text file: 
    Windows Registry Editor Version 5.00

; Disable SMB signing requirement on the CLIENT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"RequireSecuritySignature"=dword:00000000
"EnableSecuritySignature"=dword:00000000
  2. Save the file with a .reg extension (e.g., Disable-SMB-Signing-Client.reg).
  3. Double-click the file and accept the prompts to merge it into your registry.
  4. No reboot is needed, but you may need to restart the Explorer process for the changes to take full effect. 
    taskkill /f /im explorer.exe && start explorer.exe

Using PowerShell

You can achieve the same result by running the following commands in an elevated PowerShell prompt on the client machine:

# Disable the requirement for SMB signing on the client
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "RequireSecuritySignature" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "EnableSecuritySignature" -Value 0 -Type DWord -Force

Write-Host "SMB signing requirement has been disabled on this client." -ForegroundColor Green

After applying either of these changes, you should be able to access the network share immediately.

Option 2: Enable SMB Signing on the Server (More Secure)

If you have administrative access to the server and want to maintain a higher level of security, you can enable SMB signing on the server instead.

Run the following commands in an elevated PowerShell prompt on the server:

# Enable and require SMB signing on the SERVER
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
Set-SmbServerConfiguration -EnableSecuritySignature $true -Force

# Restart the SMB server service to apply the changes
Restart-Service LanmanServer -Force

Write-Host "SMB signing has been enabled and required on this server." -ForegroundColor Green

Once the server is configured to use SMB signing, your client (which already requires it) will be able to connect securely.

How to Check Current SMB Signing Settings

You can check the current SMB signing configuration on both the client and the server using these PowerShell commands:

On the Client: 

Get-SmbClientConfiguration | Select-Object RequireSecuritySignature, EnableSecuritySignature

On the Server: 

Get-SmbServerConfiguration | Select-Object RequireSecuritySignature, EnableSecuritySignature

Conclusion

The “SMB signing required” error is a security feature, not a bug. It arises from a mismatch in security policies between your client and the server.

  • For quick access in trusted networks, disabling the signing requirement on the client is the fastest solution.
  • For production or security-sensitive environments, enabling and requiring SMB signing on the server is the recommended best practice.

By aligning the SMB signing policies on both machines, you can resolve this error and restore access to your network shares.