The company I work for is looking into configuring SMB signing between our clients and our servers. However, we want to handle this with extreme care, as from what I've read, just charging in and enabling AND enforcing it can cause some issues. My biggest question, though, is: if we set the GPO setting "Microsoft network client: Digitally sign communications (always)" to enabled on CLIENTS (i.e., enforce SMB on clients), but set the GPO setting "Microsoft network server: Digitally sign communications (if client agrees)" to enabled on SERVERS (i.e., enabling it but not enforcing it), will this force the use of SMBv3 between our clients and servers? Ideally, we would apply the GPO setting to the SERVERS first, and then once done we would begin applying the CLIENT GPO setting to specific OUs to make sure they can still communicate. My hope is that by doing this, we can start to roll out SMB signing without any major impacts to the applications our company uses (which is quite a few).
Is my assumption on this accurate, or will proceeding to roll it out in this way cause massive issues?
Thanks in advance.
Edit, just to add some info on our environment: All of our domain controllers and various application servers are Server 2012 or Server 2012 R2. Our file server, however, which we have user home directories saved in, is Server 2008. All workstation clients are on Windows 10.