How do I enable SMB signing?
Windows NT 4.0 Service Pack 3 provides an updated version of the Server
Message Block (SMB) authentication protocol, also known as the Common Internet
File System (CIFS) file sharing protocol.
When SMB signing is enabled on both the client and server SMB sessions are
authenticated between the machines on a packet by packet basis. This does have a
performance hit of between 10 to 15% as every packets signature has to be
verified.
To enable SMB signing on the NT Server perform the following:
- Start the Registry Editor (Regedit.exe)
- Move to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
- From the Edit menu select New - DWORD value
- Add the following two values EnableSecuritySignature and
RequireSecuritySignature if they do not exist.
- You should set to 0 for disable (the default) or 1 to enable. Enabling
EnableSecuritySignature means if the client also has SMB signing enabled
then that is the preferred communication method, but setting
RequireSecuritySignature to enabled means SMB signing MUST be used and so if
the client is not SMB signature enabled then communication will fail
- Close the registry editor
- Shut down and restart Windows NT.
By default a Workstation with SP3 or above is SMB signing enabled but to
manually enable:
- Start the Registry Editor (regedit.exe)
- Move to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
- From the Edit menu select New - DWORD value
- Add the following two values EnableSecuritySignature and
RequireSecuritySignature if they do not exist.
- Enabling EnableSecuritySignature means if the server also has SMB signing
enabled then that is the preferred communication method, but setting
RequireSecuritySignature to enabled means SMB signing MUST be used and so if
the server is not SMB signature enabled then communication will fail
- Close the registry editor
- Shut down and restart Windows NT.
If you have set RequireSecuritySignature then any clients not support SMB
signing will fail to communicate including logons and you may receive the error:
"Invalid user name or password..."
If you get this then check the workstation is SMB signing enabled.
http//www.softheap.com