Turn off SMB Signing?

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks in advance for anyone who can help with this question. I am running a
small network with Windows 2003 server. I have a Ricoh Multifunction
Copier/Scanner/Fax which allows documents to be scanned and then stored
directly to a location on a network server. To do this, you simply enter the
path into the printer where you want the scans to go. However I have found
that because of 'SMB signing' being enabled, I cannot browse the network
ffrom the printer OR store the scans to the network. If I turn off or
disable SMB signing at the server by changing the following registry keys;

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

Add Value names as type REG_DWORD: EnableSecuritySignature and
RequireSecuritySignature

Set both values to 1 (enable). The default is 0 (disable).



Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a matter
of hours, the registry keys that I changed have reverted back to their old
values and SMB signing is re-enabled. I am guessing that this is due to the
group policy on my server but I am not sure. So, all this being said my
questions are as follows;



1) Am I turning off SMB signing properly? Is there a setting within the
group policy that I have not been able to find?

2) Is it even a good Idea to turn this off? What are the drawbacks of
disabling SMB signing?



Thanks again so much for any advice!


Steve V.

steve@pcwhip.com

Hickory, PA

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

In the Domain Controllers GPO

Computer Configuration->Windows Settings->Security Settings->Local
Policies->Security Options->Microsoft Network Server:

Digitally Sign Communications (Always) (Enabled by default on 2003) or
Digitally Sign Communications (if client agrees).

Try these...... HTH

--
John Negus
MSEtechnology
--



"Steve V." <steve@pcwhip.com> wrote in message
news:%23y2sFAq5EHA.4072@TK2MSFTNGP10.phx.gbl...
> Thanks in advance for anyone who can help with this question. I am
> running a small network with Windows 2003 server. I have a Ricoh
> Multifunction Copier/Scanner/Fax which allows documents to be scanned
> and then stored directly to a location on a network server. To do
> this, you simply enter the path into the printer where you want the
> scans to go. However I have found that because of 'SMB signing' being
> enabled, I cannot browse the network ffrom the printer OR store the
> scans to the network. If I turn off or disable SMB signing at the
> server by changing the following registry keys;
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
>
> Add Value names as type REG_DWORD: EnableSecuritySignature and
> RequireSecuritySignature
>
> Set both values to 1 (enable). The default is 0 (disable).
>
>
>
> Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a
> matter of hours, the registry keys that I changed have reverted back
> to their old values and SMB signing is re-enabled. I am guessing that
> this is due to the group policy on my server but I am not sure. So,
> all this being said my questions are as follows;
>
>
>
> 1) Am I turning off SMB signing properly? Is there a setting within
> the group policy that I have not been able to find?
>
> 2) Is it even a good Idea to turn this off? What are the drawbacks of
> disabling SMB signing?
>
>
>
> Thanks again so much for any advice!
>
>
> Steve V.
>
> steve@pcwhip.com
>
> Hickory, PA
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

What might be the drawbacks of disabling SMB signing? Anyone know?

"John Negus" <jnegus@mask.msetechnology.com> wrote in message
news:usbTCHs5EHA.1392@tk2msftngp13.phx.gbl...
> In the Domain Controllers GPO
>
> Computer Configuration->Windows Settings->Security Settings->Local
> Policies->Security Options->Microsoft Network Server:
>
> Digitally Sign Communications (Always) (Enabled by default on 2003) or
> Digitally Sign Communications (if client agrees).
>
> Try these...... HTH
>
> --
> John Negus
> MSEtechnology
> --
>
>
>
> "Steve V." <steve@pcwhip.com> wrote in message
> news:%23y2sFAq5EHA.4072@TK2MSFTNGP10.phx.gbl...
>> Thanks in advance for anyone who can help with this question. I am
>> running a small network with Windows 2003 server. I have a Ricoh
>> Multifunction Copier/Scanner/Fax which allows documents to be scanned and
>> then stored directly to a location on a network server. To do this, you
>> simply enter the path into the printer where you want the scans to go.
>> However I have found that because of 'SMB signing' being enabled, I
>> cannot browse the network ffrom the printer OR store the scans to the
>> network. If I turn off or disable SMB signing at the server by changing
>> the following registry keys;
>>
>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
>>
>> Add Value names as type REG_DWORD: EnableSecuritySignature and
>> RequireSecuritySignature
>>
>> Set both values to 1 (enable). The default is 0 (disable).
>>
>>
>>
>> Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a
>> matter of hours, the registry keys that I changed have reverted back to
>> their old values and SMB signing is re-enabled. I am guessing that this
>> is due to the group policy on my server but I am not sure. So, all this
>> being said my questions are as follows;
>>
>>
>>
>> 1) Am I turning off SMB signing properly? Is there a setting within the
>> group policy that I have not been able to find?
>>
>> 2) Is it even a good Idea to turn this off? What are the drawbacks of
>> disabling SMB signing?
>>
>>
>>
>> Thanks again so much for any advice!
>>
>>
>> Steve V.
>>
>> steve@pcwhip.com
>>
>> Hickory, PA
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

security, for one (the most part).


"Steve V." wrote:

> What might be the drawbacks of disabling SMB signing? Anyone know?
>
> "John Negus" <jnegus@mask.msetechnology.com> wrote in message
> news:usbTCHs5EHA.1392@tk2msftngp13.phx.gbl...
> > In the Domain Controllers GPO
> >
> > Computer Configuration->Windows Settings->Security Settings->Local
> > Policies->Security Options->Microsoft Network Server:
> >
> > Digitally Sign Communications (Always) (Enabled by default on 2003) or
> > Digitally Sign Communications (if client agrees).
> >
> > Try these...... HTH
> >
> > --
> > John Negus
> > MSEtechnology
> > --
> >
> >
> >
> > "Steve V." <steve@pcwhip.com> wrote in message
> > news:%23y2sFAq5EHA.4072@TK2MSFTNGP10.phx.gbl...
> >> Thanks in advance for anyone who can help with this question. I am
> >> running a small network with Windows 2003 server. I have a Ricoh
> >> Multifunction Copier/Scanner/Fax which allows documents to be scanned and
> >> then stored directly to a location on a network server. To do this, you
> >> simply enter the path into the printer where you want the scans to go.
> >> However I have found that because of 'SMB signing' being enabled, I
> >> cannot browse the network ffrom the printer OR store the scans to the
> >> network. If I turn off or disable SMB signing at the server by changing
> >> the following registry keys;
> >>
> >> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
> >>
> >> Add Value names as type REG_DWORD: EnableSecuritySignature and
> >> RequireSecuritySignature
> >>
> >> Set both values to 1 (enable). The default is 0 (disable).
> >>
> >>
> >>
> >> Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a
> >> matter of hours, the registry keys that I changed have reverted back to
> >> their old values and SMB signing is re-enabled. I am guessing that this
> >> is due to the group policy on my server but I am not sure. So, all this
> >> being said my questions are as follows;
> >>
> >>
> >>
> >> 1) Am I turning off SMB signing properly? Is there a setting within the
> >> group policy that I have not been able to find?
> >>
> >> 2) Is it even a good Idea to turn this off? What are the drawbacks of
> >> disabling SMB signing?
> >>
> >>
> >>
> >> Thanks again so much for any advice!
> >>
> >>
> >> Steve V.
> >>
> >> steve@pcwhip.com
> >>
> >> Hickory, PA
> >>
> >>
> >
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

SMB signing insures the integrity of the packets in that they have not been
modified from their original state. It does however not encrypt the packets.
For most networks this is probably not an issue. What you can try is to
disable the server digitally sign communications(always) only which still
will allow those computers that can use SMB signing to use it but not force
non capable operating systems/devices from using it. --- Steve


"Steve V." <steve@pcwhip.com> wrote in message
news:%23LrmPps5EHA.1524@TK2MSFTNGP09.phx.gbl...
> What might be the drawbacks of disabling SMB signing? Anyone know?
>
> "John Negus" <jnegus@mask.msetechnology.com> wrote in message
> news:usbTCHs5EHA.1392@tk2msftngp13.phx.gbl...
>> In the Domain Controllers GPO
>>
>> Computer Configuration->Windows Settings->Security Settings->Local
>> Policies->Security Options->Microsoft Network Server:
>>
>> Digitally Sign Communications (Always) (Enabled by default on 2003) or
>> Digitally Sign Communications (if client agrees).
>>
>> Try these...... HTH
>>
>> --
>> John Negus
>> MSEtechnology
>> --
>>
>>
>>
>> "Steve V." <steve@pcwhip.com> wrote in message
>> news:%23y2sFAq5EHA.4072@TK2MSFTNGP10.phx.gbl...
>>> Thanks in advance for anyone who can help with this question. I am
>>> running a small network with Windows 2003 server. I have a Ricoh
>>> Multifunction Copier/Scanner/Fax which allows documents to be scanned
>>> and then stored directly to a location on a network server. To do this,
>>> you simply enter the path into the printer where you want the scans to
>>> go. However I have found that because of 'SMB signing' being enabled, I
>>> cannot browse the network ffrom the printer OR store the scans to the
>>> network. If I turn off or disable SMB signing at the server by changing
>>> the following registry keys;
>>>
>>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
>>>
>>> Add Value names as type REG_DWORD: EnableSecuritySignature and
>>> RequireSecuritySignature
>>>
>>> Set both values to 1 (enable). The default is 0 (disable).
>>>
>>>
>>>
>>> Then I CAN browse the network from the Ricoh Printer. HOWEVER, in a
>>> matter of hours, the registry keys that I changed have reverted back to
>>> their old values and SMB signing is re-enabled. I am guessing that this
>>> is due to the group policy on my server but I am not sure. So, all this
>>> being said my questions are as follows;
>>>
>>>
>>>
>>> 1) Am I turning off SMB signing properly? Is there a setting within the
>>> group policy that I have not been able to find?
>>>
>>> 2) Is it even a good Idea to turn this off? What are the drawbacks of
>>> disabling SMB signing?
>>>
>>>
>>>
>>> Thanks again so much for any advice!
>>>
>>>
>>> Steve V.
>>>
>>> steve@pcwhip.com
>>>
>>> Hickory, PA
>>>
>>>
>>
>>
>
>

 

[TheOwl]

Steve,

I would ring your local Richo dealership / branch and ask them if the machine is capable of signing SMB packets itself. It maybe that your machine just might need a firmware upgrade to get this function enabled.

Digital SMB Packet signing stops a third party from interupting the packet flow and trying to gain access to the information contained with in the packets.

Alot of older copiers cannot cope with this and require the group policy to be changed. Most newer copiers just require a firmware upgrade to allow them to sign SMB packets.

By default, you should only run into this problem if you are using a 2003 SBS Server, or have an SBS server as your primary domain controller.