How do I enable SMB signing?
December 21, 1999
Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol.
When SMB signing is enabled on both the client and the server, SMB sessions between the machines are authenticated on a packet-by-packet basis. This carries a performance hit of between 10% and 15%, as every packet's signature has to be verified.
To enable SMB signing on the NT Server, perform the following:
Start the Registry Editor (Regedit.exe)
Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
From the Edit menu select New - DWORD value
Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
Set each value to 0 to disable (the default) or 1 to enable. Enabling EnableSecuritySignature means that if the client also has SMB signing enabled, signing is the preferred communication method. Setting RequireSecuritySignature to enabled means SMB signing MUST be used, so if the client is not SMB signing enabled, communication will fail.
Close the registry editor
Shut down and restart Windows NT.
By default, a Workstation with SP3 or above has SMB signing enabled, but to enable it manually:
Start the Registry Editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
From the Edit menu select New - DWORD value
Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
Enabling EnableSecuritySignature means that if the server also has SMB signing enabled, signing is the preferred communication method. Setting RequireSecuritySignature to enabled means SMB signing MUST be used, so if the server is not SMB signing enabled, communication will fail.
Close the registry editor
Shut down and restart Windows NT.
If you have set RequireSecuritySignature, any clients that do not support SMB signing will fail to communicate, including logons, and you may receive the error:
"Invalid user name or password..."
If you get this, check the workstation is SMB signing enabled.
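To check a server/workstation pair before turning on RequireSecuritySignature, the sketch below (an added example, not part of the original article) reads the two signing values from Registry Editor export text and predicts whether the session will be signed, unsigned or refused. The function names and the sample export are constructed for illustration, and it assumes that a side with RequireSecuritySignature set also counts as signing enabled.

```python
import re

KEYS = {  # registry keys from the steps above, below HKEY_LOCAL_MACHINE
    "server": r"SYSTEM\CurrentControlSet\Services\LanManServer\Parameters",
    "client": r"SYSTEM\CurrentControlSet\Services\Rdr\Parameters",
}
ENABLE, REQUIRE = "EnableSecuritySignature", "RequireSecuritySignature"

# Constructed sample: server key exported from a server, Rdr key from a workstation.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
"EnableSecuritySignature"=dword:00000000
"RequireSecuritySignature"=dword:00000000
'''

def parse_reg(text):
    """Return {role: {value_name: int}} for the two signing values in each key."""
    found, role = {r: {} for r in KEYS}, None
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[HKEY_LOCAL_MACHINE\\(.+)\]", line)
        if key:  # section header: remember which role (if any) it belongs to
            path = key.group(1).lower()
            role = next((r for r, k in KEYS.items() if k.lower() == path), None)
            continue
        val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if val and role and val.group(1) in (ENABLE, REQUIRE):
            found[role][val.group(1)] = int(val.group(2), 16)
    return found

def outcome(client, server):
    """Predict the session result: 'signed', 'unsigned', 'fail' or 'unknown: ...'."""
    missing = [f"{n} {v}" for n, s in (("client", client), ("server", server))
               for v in (ENABLE, REQUIRE) if v not in s]
    if missing:  # value absent from the export, so the OS default applies
        return "unknown: " + ", ".join(missing)
    c_req, s_req = client[REQUIRE] == 1, server[REQUIRE] == 1
    # Assumption: a side that requires signing also counts as signing enabled.
    c_on, s_on = c_req or client[ENABLE] == 1, s_req or server[ENABLE] == 1
    if (c_req and not s_on) or (s_req and not c_on):
        return "fail"  # the case that produces the logon error
    return "signed" if (c_on and s_on) else "unsigned"

if __name__ == "__main__":
    print(outcome(*(parse_reg(SAMPLE)[r] for r in ("client", "server"))))
```

A result of "unknown" means a value was missing from the export, so set it explicitly on that machine before relying on the prediction.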