Ask the Expert

How to manually enable SMB signing

Is it advisable to only enable SMB signing for domain controllers? We are considering disabling SMB signing for file and print servers. Would this action help to reduce the risk of attack?

You should enable SMB signing on all systems to truly secure all Windows communications on your network. In fact, if you don't enable it on all systems, you may experience problems on some clients. It's enabled on Server 2003 by default, but you must enable it manually on all other versions of Windows.

Perform the following steps to enable SMB signing:

Inset the REG_WORD entries 'RequireSecuritySignature' and 'EnableSecuritySignature' with a value of 1 to these registry keys:

Windows NT4 clients: HKLM/SYSTEM/CurrentControlSet/Services/Rdr/Parameters

Windows XP/2000 clients: HKLM/SYSTEM/CurrentControlSet/Services/LanManWorkstation/Parameters

Windows NT4/2000/2003 servers: HKLM/SYSTEM/CurrentControlSet/Services/LanManServer/Parameters

For Samba servers, set "server signing=mandatory" in the smb.conf file.

This was first published in December 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: