Turn off SMB Signing?

S

Steve V.

Thanks in advance for anyone who can help with this question. I am running a
small network with Windows 2003 server. I have a Ricoh Multifunction
Copier/Scanner/Fax which allows documents to be scanned and then stored
directly to a location on a network server. To do this, you simply enter the
path into the printer where you want the scans to go. However I have found
that because of 'SMB signing' being enabled, I cannot browse the network
ffrom the printer OR store the scans to the network. If I turn off or
disable SMB signing at the server by changing the following registry keys;

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

Add Value names as type REG_DWORD: EnableSecuritySignature and
RequireSecuritySignature

Set both values to 1 (enable). The default is 0 (disable).



Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a matter
of hours, the registry keys that I changed have reverted back to their old
values and SMB signing is re-enabled. I am guessing that this is due to the
group policy on my server but I am not sure. So, all this being said my
questions are as follows;



1) Am I turning off SMB signing properly? Is there a setting within the
group policy that I have not been able to find?

2) Is it even a good Idea to turn this off? What are the drawbacks of
disabling SMB signing?



Thanks again so much for any advice!


Steve V.

(e-mail address removed)

Hickory, PA
 
J

John Negus

In the Domain Controllers GPO

Computer Configuration->Windows Settings->Security Settings->Local
Policies->Security Options->Microsoft Network Server:

Digitally Sign Communications (Always) (Enabled by default on 2003) or
Digitally Sign Communications (if client agrees).

Try these...... HTH
 
S

Steven L Umbach

SMB signing insures the integrity of the packets in that they have not been
modified from their original state. It does however not encrypt the packets.
For most networks this is probably not an issue. What you can try is to
disable the server digitally sign communications(always) only which still
will allow those computers that can use SMB signing to use it but not force
non capable operating systems/devices from using it. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows Server 2003 upgrade Group Policy and DFS problems - SMB Signing 2
SMB signing 1
Registry Changes not Persistent 4
Yet another: The account is not authorized to log in from this station 1
Nasty 1202 Warning and no apparent fix! 2
"Delayed Write Failed" but not SMB Signing ? 1
Different levels of connectivity 4
Cname - SMB Signing - DisableStrictNameChecking 2

Top