How to Enable SMB Signing in Windows NT

Last reviewed: November 18, 1997
Article ID: Q161372
The information in this article applies to:
  • Microsoft Windows NT Workstation version 4.0 Service Pack 3
  • Microsoft Windows NT Server version 4.0 Service Pack 3

SUMMARY

This article explains how to enable SMB signing.

MORE INFORMATION

Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol. For more information on SMB signing, please see the Windows NT 4.0 Service Pack 3 Readme.txt file.

Perform the following steps to configure SMB signing on a server:

WARNING: Using the registry editor incorrectly can cause serious, system- wide problems that may require you to reinstall Windows NT. Microsoft cannot guarantee that any problems resulting from the use of the registry editor can be solved. Use this tool at your own risk.

  1. Run Registry Editor (Regedt32.exe).

  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

          System\CurrentControlSet\Services\LanManServer\Parameters
    

  3. Click Add Value on the Edit menu.

  4. Add the following two values:

          Value Name: EnableSecuritySignature
          Data Type: REG_DWORD
          Data: 0 (disable), 1 (enable)
    

             NOTE: The default is 0 (disable)
    
          Name: RequireSecuritySignature
          Type: REG_DWORD
          Value: 0 (disable), 1 (enable)
    
             NOTE: The default is 0 (disable)
    
    

  5. Click OK and then quit Registry Editor.

  6. Shut down and restart Windows NT.

Perform the following steps to configure SMB signing on a workstation:

  1. Run Registry Editor (Regedt32.exe).

  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

          \System\CurrentControlSet\Services\Rdr\Parameters
    

  3. Click Add Value on the Edit menu.

  4. Add the following two values:

          Value Name: EnableSecuritySignature
          Data Type: REG_DWORD
          Data: 0 (disable), 1 (enable)
    

             NOTE: The default is 1 (enable)
    
          Name: RequireSecuritySignature
          Type: REG_DWORD
          Value: 0 (disable), 1 (enable)
    
             NOTE: The default is 0 (disable)
    
    

  5. Click OK and then quit Registry Editor.

  6. Shut down and restart Windows NT.

Using SMB signing will slow down the performance when enabled. This setting is only to be used when network security is a concern. Performance decrease usually averages between 10 to 15%. The very nature of SMB signing requires that every packet is signed for and every packet must be verified.


Additional query words: 4.00 sp3
Keywords : NTSrvWkst kbenv kbnetwork
Version : 4.0
Platform : winnt
Issue type : kbhowto


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: November 18, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.