How to Enable SMB Signing in Windows NT

ID: Q161372

The information in this article applies to:
  • Microsoft Windows NT Workstation version 4.0 Service Pack 3
  • Microsoft Windows NT Server version 4.0 Service Pack 3

SUMMARY

This article explains how to enable SMB signing.


MORE INFORMATION

Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol. For more information on SMB signing, please see the Windows NT 4.0 Service Pack 3 Readme.txt file.

Perform the following steps to configure SMB signing on a server:

WARNING: Using the registry editor incorrectly can cause serious, system- wide problems that may require you to reinstall Windows NT. Microsoft cannot guarantee that any problems resulting from the use of the registry editor can be solved. Use this tool at your own risk.

  1. Run Registry Editor (Regedt32.exe).


  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

    System\CurrentControlSet\Services\LanManServer\Parameters


  3. Click Add Value on the Edit menu.


  4. Add the following two values: 
    
      Value Name: EnableSecuritySignature
      Data Type: REG_DWORD
      Data: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)

      Name: RequireSecuritySignature
      Type: REG_DWORD
      Value: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)


  5. Click OK and then quit Registry Editor.


  6. Shut down and restart Windows NT.


Perform the following steps to configure SMB signing on a workstation:
  1. Run Registry Editor (Regedt32.exe).


  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

    \System\CurrentControlSet\Services\Rdr\Parameters


  3. Click Add Value on the Edit menu.


  4. Add the following two values: 
    
      Value Name: EnableSecuritySignature
      Data Type: REG_DWORD
      Data: 0 (disable), 1 (enable)

         NOTE: The default is 1 (enable)

      Name: RequireSecuritySignature
      Type: REG_DWORD
      Value: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)


  5. Click OK and then quit Registry Editor.


  6. Shut down and restart Windows NT.


Using SMB signing will slow down the performance when enabled. This setting is only to be used when network security is a concern. Performance decrease usually averages between 10 to 15%. The very nature of SMB signing requires that every packet is signed for and every packet must be verified.

Additional query words: 4.00 sp3

Keywords : kbenv kbnetwork NTSrvWkst
Version : 4.0
Platform : winnt
Issue type : kbhowto


Last Reviewed: February 2, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.