SMB Signing

To enable or require Server Message Block (SMB) signing on NT Server, run regedit32 and perform the following steps:

  1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
  2. Click Add Value on the Edit menu.
  3. Add the following two values:

    Value Name: EnableSecuritySignature
    Data Type: REG_DWORD
    Data: 0 (disable), 1 (enable)
    \[Note: The default is 0 (disable)\]

    Value Name: RequireSecuritySignature
    Data Type: REG_DWORD
    Value: 0 (disable), 1 (enable)
    \[Note: The default is 0 (disable)\]

  4. Click OK, and then quit the Registry editor.
  5. Shut down and restart NT.

You can find these steps in Microsoft's Knowledge Base article Q161372 on your TechNet CD-ROM or on the Web,

The Registry key for NT Workstation is different from the key for NT Server. You can find it in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\Rdr\Parameters. The necessary Value options are the same as those for NT Server, so locate and use the NT Workstation key and follow steps 2 through 5.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.