Microsoft has released the latest build of Windows 11 for members of the Windows Insider program in the Canary Channel. The new build number is 25951 and includes some new SMB-related features, along with bug fixes and some known issues. You can also download the ISO files for this build.
Here is the changelog:
What’s new in Build 25951
Block SMB NTLM
Starting with this build (Build 25951), the SMB client now supports NTLM blocking for remote outgoing connections. This changes legacy behavior when Windows SPNEGO Will negotiate Kerberos, NTLM and other mechanisms with the target server to decide on a supported security package. NTLM in this case refers to all versions of the LAN Manager security package: LM, NTLM and NTLMv2.
With this new option, an administrator can intentionally block Windows from offering NTLM over SMB. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive NTLM data and be unable to brute force, crack, or pass a password because it will never be sent over the network. It adds a new level of protection to organizations without requiring it Completely disable NTLM Using the operating system. You can set this option with Group Policy and PowerShell. You can also block the use of NTLM on SMB connections on demand with NET USE and PowerShell.
For more information on setting up and troubleshooting NTLM blocking, see https://aka.ms/SmbNtlmBlock.
SMB dialect management
Starting with this build (Build 25951), the SMB server now supports controlling which dialects of SMB 2 and 3 it will negotiate. This changes the previous behavior, where Windows SMB always negotiated the most appropriate server dialect from SMB 2.0.2 to 3.1.1 clients. Starting with Windows 10, support has been added for Mastering SMB client dialectsBut not server dialects.
With this new option, an administrator can remove old SMB protocols from use in the organization, and block older, less secure and less capable Windows and third-party connections.
You can set this option with Group Policy and PowerShell. Both SMB client and server now include full management support (previously client support was only Manual registry editing).
For more information on understanding and defining SMB dialects, see https://aka.ms/SmbDialectManage.
changes and improvements
- Adjusted the network port on the lock screen to better match the network port UI from quick settings in the system tray on the taskbar.
- Some popular games may not work properly in the latest Insider Preview formats on the Canary Channel. Please be sure to submit feedback in the Feedback Hub about any issues you see with playing games in these builds.
- [NEW] We are investigating reports that the print queue is no longer accessible.
you can check Full blog post here: