RE: To disable SMB packet and secure channel signing enforcement on Windows Server 2003-based domain controllers

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 05/05/05

  • Next message: Murad Talukdar: "RE: To disable SMB packet and secure channel signing enforcement on Windows Server 2003-based domain controllers" 
    Date: Wed, 04 May 2005 22:38:21 -0400
To: "'Murad Talukdar'" <talukdar_m@subway.com>, "'?????? ??????'" <morsin@eastbridge.tula.ru>

    Well, that was certainly an easier solution than we'd all expected, wasn't
    it? ;-)

    Laura

    > -----Original Message-----
    > From: Murad Talukdar [mailto:talukdar_m@subway.com]
    > Sent: Wednesday, May 04, 2005 7:30 PM
    > To: '?????? ??????'
    > Cc: focus-ms@securityfocus.com
    > Subject: RE: To disable SMB packet and secure channel signing
    > enforcement on Windows Server 2003-based domain controllers
    >
    > >>1. Return back to "Enabled" secure channel ecnryption
    > requirement. SMB
    > file
    > sharing has nothing to do woth it. Secure Channel is used by
    > domain member computers to pass user authentication
    > information to DCs.
    >
    > Now the thing here is; in order to allow the scanner access
    > to the shared drives, I was advised to setup a 'user' so that
    > there would not be any authentication issues. Then I had to
    > allow that 'user' permissions etc on the folders in question.
    > This was the only way I could find that the scanner could
    > actually dump the files to the req'd share.
    > I will try it and see if that allows the scan to dump the file.
    > Sorry, I should have mentioned this at the beginning but was
    > trying to keep it succinct. (I can already hear sucking in of breath!)
    >
    > Murad
    > -----Original Message-----
    > From: ?????? ?????? [mailto:morsin@eastbridge.tula.ru]
    > Sent: Wednesday, May 04, 2005 10:52 PM
    > To: Murad Talukdar
    > Subject: Re: To disable SMB packet and secure channel signing
    > enforcement on Windows Server 2003-based domain controllers
    >
    >
    > ----- Original Message -----
    > > 1. From Administrative Tools open Domain Controller
    > Security Policy 2.
    > > Smile
    > > 3. Select \Security Settings\Local Policies\Security
    > Options folder. 4. In
    > > the details pane, double-click Microsoft network server:
    > Digitally sign
    > > communications (always), and then click Disabled to prevent
    > SMB packet
    > > signing from being required. 5. Click OK. 6. In the details pane,
    > > double-click Domain member: Digitally encrypt or sign
    > secure channel data
    > > (always), and then click Disabled to prevent secure channel
    > signing from
    > > being required. 7. Click OK.
    >
    > 1. Return back to "Enabled" secure channel ecnryption
    > requirement. SMB file
    > sharing has nothing to do woth it. Secure Channel is used by
    > domain member
    > computers to pass user authentication information to DCs.
    > 2. There are companion settings "Digitally sign
    > communications (always)" and
    >
    > "Digitally sign communications (when possible)" for both servers and
    > workstations. Set first to "Disabled" and second to "Enabled"
    > and your DCs
    > will communicate securely with users and insecurely with your
    > printer.
    >
    >
    >
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > -------------
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Murad Talukdar: "RE: To disable SMB packet and secure channel signing enforcement on Windows Server 2003-based domain controllers"

    Relevant Pages