SMB Signing

 Article ID: Q161372 
------------------------------------------------------------------------
The information in this article applies to: 

•Microsoft Windows NT Workstation version 4.0 Service Pack 3

•Microsoft Windows NT Server version 4.0 Service Pack 3 

SUMMARY

This article explains how to enable SMB signing. 


MORE INFORMATION

Windows NT 4.0 Service Pack 3 provides an updated version 
of the Server Message Block (SMB) authentication protocol, 
also known as the Common Internet File System (CIFS) file 
sharing protocol. For more information on SMB signing, 
please see the Windows NT 4.0 Service Pack 3 Readme.txt file. 

Perform the following steps to configure SMB signing on a server: 

WARNING: Using the registry editor incorrectly can cause serious, 
system- wide problems that may require you to reinstall Windows NT. 
Microsoft cannot guarantee that any problems resulting from the 
use of the registry editor can be solved. Use this tool at your 
own risk. 

1.Run Registry Editor (Regedt32.exe). 

2.From the HKEY_LOCAL_MACHINE subtree, go to the following key: 

      System\CurrentControlSet\Services\LanManServer\Parameters

3.Click Add Value on the Edit menu. 

4.Add the following two values: 

      Value Name: EnableSecuritySignature
      Data Type: REG_DWORD
      Data: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)

      Name: RequireSecuritySignature
      Type: REG_DWORD
      Value: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)


5.Click OK and then quit Registry Editor. 

6.Shut down and restart Windows NT. 


Perform the following steps to configure SMB signing on a workstation: 


1.Run Registry Editor (Regedt32.exe). 

2.From the HKEY_LOCAL_MACHINE subtree, go to the following key: 

      \System\CurrentControlSet\Services\Rdr\Parameters

3.Click Add Value on the Edit menu. 

4.Add the following two values: 

      Value Name: EnableSecuritySignature
      Data Type: REG_DWORD
      Data: 0 (disable), 1 (enable)

         NOTE: The default is 1 (enable)

      Name: RequireSecuritySignature
      Type: REG_DWORD
      Value: 0 (disable), 1 (enable)

         NOTE: The default is 0 (disable)

5.Click OK and then quit Registry Editor. 

6.Shut down and restart Windows NT. 

Using SMB signing will slow down the performance when enabled. 
This setting is only to be used when network security is a concern. 
Performance decrease usually averages between 10 to 15%. The 
very nature of SMB signing requires that every packet is signed 
for and every packet must be verified. 

Backup one step