This section explains how to use the qq smb_modify_settings command.

Examples

Hiding an SMB Share from Unauthorized Hosts

For more information, see:

To Hide an SMB Share from Unauthorized Hosts

Run the qq smb_modify_settings command and set the --hide-shares-from-unauthorized-hosts flag to true.

Configuring Cluster-Level SMB3 Encryption

For more information, see:

To Configure Cluster-Level SMB3 Encryption

Run the qq smb_modify_settings command and set the --encryption-mode flag to one of the following:

  • NONE
  • PREFER
  • REQUIRE

To Disable SMB3 Negotiation to Improve Workload Performance

Run the qq smb_modify_settings command and specify the supported SMB dialects. For example:

qq smb_modify_settings \
  --supported-dialects SMB2_DIALECT_2_1

To Enable SMB3 Negotiation

Run the qq smb_modify_settings command and specify the supported SMB dialects. For example:

qq smb_modify_settings \
  --supported-dialects SMB2_DIALECT_2_1 \
    SMB2_DIALECT_3_0

Description

Set SMB server settings

Usage

qq smb_modify_settings [-h] [-e {none,preferred,required}] [-d dialect_1 [dialect_2 ...]] [--hide-shares-from-unauthorized-hosts {true,false}] [--hide-shares-from-unauthorized-users {true,false}]
    [--snapshot-directory-mode {visible,hidden,disabled}] [--bypass-traverse-checking {true,false}] [--signing-required {true,false}]

Flags

Flag Name Required Description
-e No Server encryption mode to set
-d No Specify a space-separated list of SMB dialects that clients are permitted to negotiate. To disable SMB, specify -d "". Available dialects: smb2_dialect_2_002, smb2_dialect_2_1, smb2_dialect_3_0, smb2_dialect_3_11. Alternatively, use -d ALL to allow all supported dialects.
--hide-shares-from-unauthorized-hosts No Configure share listing to omit shares to which the requesting host isn't authorized to connect.
--hide-shares-from-unauthorized-users No Configure share listing to omit shares to which the requesting user isn't authorized to connect. Important: Clients which don't have passwordless authentication typically list shares by using guest privileges. This flag typically hides all shares from this client type.
--snapshot-directory-mode No When you set this flag to visible, the .snapshot directory appears at the root of shares during directory listing operations. The .snapshot directory is also accessible by name in any directory. When you set this flag to hidden, .snapshot directories do not appear in directory listings but remains accessible by name. When you set this flag to disabled, .snapshot directories are not accessible and snapshots are available only through the Restore Previous Versions dialog box on Windows.
--bypass-traverse-checking No Enables bypass traverse checking for all users and directories. For example, a user who tries to access directory /x/y and has permissions to the /x directory but not to the /x/y directory can access the /x/y directory. A user still requires permissions to the /x directory to view its contents.
--signing-required No If the user is not a guest, require all messages to be signed. This flag applies to all SMB shares.