How do I enable SMB signing?

Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol.

When SMB signing is enabled on both the client and server SMB sessions are authenticated between the machines on a packet by packet basis. This does have a performance hit of between 10 to 15% as every packets signature has to be verified.

To enable SMB signing on the NT Server perform the following:

  1. Start the Registry Editor (Regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
  3. From the Edit menu select New - DWORD value
  4. Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
  5. You should set to 0 for disable (the default) or 1 to enable. Enabling EnableSecuritySignature means if the client also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used and so if the client is not SMB signature enabled then communication will fail
  6. Close the registry editor
  7. Shut down and restart Windows NT.

By default a Workstation with SP3 or above is SMB signing enabled but to manually enable:

  1. Start the Registry Editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
  3. From the Edit menu select New - DWORD value
  4. Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
  5. Enabling EnableSecuritySignature means if the server also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used and so if the server is not SMB signature enabled then communication will fail
  6. Close the registry editor
  7. Shut down and restart Windows NT.

If you have set RequireSecuritySignature then any clients not support SMB signing will fail to communicate including logons and you may receive the error:

"Invalid user name or password..."

If you get this then check the workstation is SMB signing enabled.

1st Security Agent

Mail Bomber

Security Administrator

PC Lockup

Access Lock

Access Administrator Pro

ABC Security Protector

1st Security Agent

Mail Bomber

Security Administrator for Windows

PC Lockup

Access Lock

Access Administrator

ABC Security Protector

http//www.softheap.com