 Hey, folks, Ned here again with a new feature for you to explore in Windows Server Insider. It's the SMB authentication rate limiter. And here's how this thing works. You get a Windows Server Insider build, and you'll notice now there's a new property of the SMB server called invalid authentication delay time in milliseconds. That's the number of milliseconds between sending a bad authentication request to SMB and being replied to. It's designed to slow down and really aggravate brute force attempts. So by default, it's two seconds, I'm going to set it to zero seconds to be like how Windows has been for decades to show you the today experience, the not insider experience. And I've written this terrible script where I'm abusing SMB mappings as a way to do authentications. So what I'm going to do here is be able to send an attempted login via a drive mapping, which is not a very efficient way to test this feature. But it's the quickest one I can come up with. And I'm going to do it in a loop, trying as many times as I can per second to guess a password. So I'm going to do a thousand of these against my server that I was just mucking around with in PowerShell. And this is my credential, the Ned. It's a local credential using NTLM. So I'm going to try a thousand passwords. And it's going as fast as it can, which in the world of PowerShell and new SMB mapping is a few dozen bad attempts per second, which is still pretty fast. It's not going to be as fast as the cool open source penetration tools and stuff that can do hundreds of passwords a second and be nifty like that and about 45 a second. So 22 seconds, I set a thousand brute force attempts. That's pretty fast, though, just for my crappy script. So let's try this again. But now we're going to go back to our server and set the rate limiter to its default out-of-box setting, which is two seconds between bad attempts. So it's done in milliseconds. Obviously I'm going to do a 2,000 milliseconds here. This is back to being the default out-of-box experience. I'm going to go back and start up my script again. And let's see how long this takes. Same script, same user, same number of attempts, 1,000. Here we go. So I started here, and it is going to be a while. So I'm going to go walk my dogs. And we're enjoying the sights of Seattle, roaming around, killing time. All this script runs and runs and runs and runs. It's going to be a very long walk. Get back. Now we're at an hour and 43 minutes for that same amount of time, that same amount of passwords doing drive mappings as the technique. That's a crazy long amount of time. So how do we learn more about this? Make sure that you head on over to this blog post here and learn more. Grab yourself a copy of Windows Server Insider and try it out for yourself. You want to hear your feedback and get any bugs you might find. Thanks.