The information in this article applies to:
- Microsoft Windows NT Workstation version 4.0 Service Pack 3
- Microsoft Windows NT Server version 4.0 Service Pack 3
SUMMARY
This article explains how to enable SMB signing.
MORE INFORMATION
Windows NT 4.0 Service Pack 3 provides an updated version of the Server
Message Block (SMB) authentication protocol, also known as the Common
Internet File System (CIFS) file sharing protocol. For more information on
SMB signing, please see the Windows NT 4.0 Service Pack 3 Readme.txt file.
Perform the following steps to configure SMB signing on a server:
WARNING: Using the registry editor incorrectly can cause serious, system-
wide problems that may require you to reinstall Windows NT. Microsoft
cannot guarantee that any problems resulting from the use of the registry
editor can be solved. Use this tool at your own risk.
- Run Registry Editor (Regedt32.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key:
System\CurrentControlSet\Services\LanManServer\Parameters
- Click Add Value on the Edit menu.
- Add the following two values:
Value Name: EnableSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)
NOTE: The default is 0 (disable)
Name: RequireSecuritySignature
Type: REG_DWORD
Value: 0 (disable), 1 (enable)
NOTE: The default is 0 (disable)
- Click OK and then quit Registry Editor.
- Shut down and restart Windows NT.
Perform the following steps to configure SMB signing on a workstation:
- Run Registry Editor (Regedt32.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key:
\System\CurrentControlSet\Services\Rdr\Parameters
- Click Add Value on the Edit menu.
- Add the following two values:
Value Name: EnableSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)
NOTE: The default is 1 (enable)
Name: RequireSecuritySignature
Type: REG_DWORD
Value: 0 (disable), 1 (enable)
NOTE: The default is 0 (disable)
- Click OK and then quit Registry Editor.
- Shut down and restart Windows NT.
Using SMB signing will slow down the performance when enabled. This
setting is only to be used when network security is a concern. Performance
decrease usually averages between 10 to 15%. The very nature of SMB
signing requires that every packet is signed for and every packet must be
verified.