Problem solve Get help with specific problems with your technologies, process and projects.

How to manually enable SMB signing

Is it advisable to only enable SMB signing for domain controllers? We are considering disabling SMB signing for...

file and print servers. Would this action help to reduce the risk of attack?

You should enable SMB signing on all systems to truly secure all Windows communications on your network. In fact, if you don't enable it on all systems, you may experience problems on some clients. It's enabled on Server 2003 by default, but you must enable it manually on all other versions of Windows.

Perform the following steps to enable SMB signing:

Inset the REG_WORD entries 'RequireSecuritySignature' and 'EnableSecuritySignature' with a value of 1 to these registry keys:

Windows NT4 clients: HKLM/SYSTEM/CurrentControlSet/Services/Rdr/Parameters

Windows XP/2000 clients: HKLM/SYSTEM/CurrentControlSet/Services/LanManWorkstation/Parameters

Windows NT4/2000/2003 servers: HKLM/SYSTEM/CurrentControlSet/Services/LanManServer/Parameters

For Samba servers, set "server signing=mandatory" in the smb.conf file.

Dig Deeper on Windows legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.