How to enable SMB signing in Windows NT

Summary

This article explains how to enable SMB signing.

More Information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol. For more information on SMB signing, please see the Windows NT 4.0 Service Pack 3 Readme.txt file.


Perform the following steps to configure SMB signing on a server:

  1. Run Registry Editor (Regedt32.exe).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

    System\CurrentControlSet\Services\LanManServer\Paramete
  3. Click Add Value on the Edit menu.
  4. Add the following two values:


    Value Name: EnableSecuritySignature
    Data Type: REG_DWORD
    Data: 0 (disable), 1 (enable)

    NOTE: The default is 0 (disable)

    Name: RequireSecuritySignature
    Type: REG_DWORD
    Value: 0 (disable), 1 (enable)

    NOTE: The default is 0 (disable)
  5. Click OK and then quit Registry Editor.
  6. Shut down and restart Windows NT.
Perform the following steps to configure SMB signing on a workstation:
  1. Run Registry Editor (Regedt32.exe).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

    \System\CurrentControlSet\Services\Rdr\Paramete
  3. Click Add Value on the Edit menu.
  4. Add the following two values:


    Value Name: EnableSecuritySignature
    Data Type: REG_DWORD
    Data: 0 (disable), 1 (enable)

    NOTE: The default is 1 (enable)

    Name: RequireSecuritySignature
    Type: REG_DWORD
    Value: 0 (disable), 1 (enable)

    NOTE: The default is 0 (disable)
  5. Click OK and then quit Registry Editor.
  6. Shut down and restart Windows NT.
Although the use of SMB signing causes slower network performance, we recommend its use in any environment where hostile network activity might occur. (SMB signing slows network performance from 10 to 15 percent, on average.) The performance decrease is caused by the requirement to digitally sign and verify each packet that is transmitted on the network.
Propriedades

ID do Artigo: 161372 - Última Revisão: 15/03/2008 - Revisão: 1

Comentários