JSI Tip 0992. SMB message signing will slow network performance.

Starting with SP3, Windows NT 4.0 supports Server Message Block (SMB) signing, to implement heightened security. SMB or CIFS (Common Internet File System) signing enhances security by insuring that every packet is signed for and verified. This generally places an additional 10% - 15% overhead on the network. To implement SMB signing, use Regedt32 to navigate to:

Server(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

Add Value names as type REG_DWORD:

EnableSecuritySignature and RequireSecuritySignature

Set both values to 1 (enable). The default is 0 (disable).

Restart your server.

NOTE: It is important that both values has the same setting.

Workstation(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters

Add Value names as type REG_DWORD:

EnableSecuritySignature and RequireSecuritySignature

Set both values to 1 (enable). The default is 0 (disable).

Restart your workstation.

NOTE: It is important that both values has the same setting.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish