Windows Server SMB Authentication Rate Limiter

By Andrei Ungureanu - Last updated: Sunday, March 20, 2022 - Save & Share - Leave a Comment

A small but cool feature is available in the new insider version of Windows Server (soon to be available on Windows 11 too) called SMB Authentication Rate Limiter. This will slow down NTLM brute force attacks against SMB servers and will be a good protection for those small environments where advanced analytics and monitoring are not in place.

By default a delay of 2 seconds will be added between each failed NTLM logon and can be disabled or fine tuned to your desire (10 seconds maximum).

Configuration is done via Powershell using Set-SmbServerConfiguration:

Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n 

More details here:

Posted in Windows Server • Tags: , , , Top Of Page

Write a comment