[Server 2008 R2] SMB Signing Automatically Enable After Reboot

    Question

  • Our client has run into a problem. They are using Windows Server 2008 R2 as a domain controller. They have disabled SMB signing (ref. http://technet.microsoft.com/en-us/library/cc731654(WS.10).aspx). However, the registry resets to 1 after several hours or after the system reboots. I have installed Server 2008 R2 in my office, but cannot reproduce the problem. Does anyone have any idea what the problem is? Thanks a lot.

     

    Regards,

    Timix

    Wednesday, February 01, 2012 6:14 AM

Answers

  • Hi,

    I have never encountered this issue, and I am not sure what programs or software could reset registry keys.

    If we deploy the registry key through Group Policy, the key could not be changed by anyone except an administrator. And for your client, we should create a GPO linked to the domain, so that those clients could have the key deployed.

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Friday, February 03, 2012 7:25 AM

All replies

  • Hi,

    To disable SMB signing on Windows Server 2008 and 2008 R2, perform the following:

    Changes need to be applied in the Group Policy management console.

    Start --> Administrative Tools --> Group Policy Management

    Configure the Default Domain and Default Domain Controller Policies. The settings you are looking for are under:

    Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> Security

    I would like to know what you mean when you say you cannot reproduce the problem. I noticed the statement "any operation that requires a secure channel between Windows NT 4 and Windows Server 2003 or later is not tested or supported" in the article.

    If the key is changed after reboot, I would like to suggest that you create a GPO linked to the computer and set the registry key using GPP registry keys:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters

    Value Name: RequireSecuritySignature
    Data Type: REG_DWORD
    Data: 0 (disable)

    For more information, please also refer to the link below:

    Overview of Server Message Block signing

    http://support.microsoft.com/kb/887429

     

    Best Regards,

    Yan Li

     


    Yan Li

    TechNet Community Support

    Thursday, February 02, 2012 2:02 AM
  • Hi Yan,

     

    Thank you for your reply. In my office, I can successfully disable SMB signing, and it does not re-enable automatically after reboot. The problem happens on my client's machine only. I cannot recreate it in my office. They told me that their server is a virtual server in a Hyper-V environment. I have not yet tested that environment; do you have any idea whether that will lead to the problem? I have asked them to check whether there is a startup program that resets the registry keys, but they have no idea. Do you know of any programs, software (e.g., antivirus) or Windows configuration that will reset the registry keys?

     

    Best Regards,

    Timix

    Friday, February 03, 2012 5:38 AM
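
One way to test whether a Group Policy refresh is what writes the value back, given that the thread describes the value returning after a few hours or a reboot (an added example, not part of any post in this thread). It snapshots the signing values, saves the computer's Resultant Set of Policy, forces a policy refresh, and reports any value that changed. Assumptions: the output folder is a placeholder, the script runs from an elevated prompt, and the LanmanServer key and the EnableSecuritySignature value are checked alongside the LanManWorkstation value named in the thread.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0,
# the version that ships with Windows Server 2008 R2.
$outDir = 'C:\Temp\smb-signing-check'   # assumption: any writable folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function Get-SmbSigningState {
    # SMB client (LanmanWorkstation) and SMB server (LanmanServer) settings
    foreach ($svc in 'LanmanWorkstation', 'LanmanServer') {
        $path  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in 'RequireSecuritySignature', 'EnableSecuritySignature') {
            $value = 'not set'
            if ($props -and $props.PSObject.Properties[$name]) {
                $value = $props.PSObject.Properties[$name].Value
            }
            New-Object PSObject -Property @{ Setting = "$svc\$name"; Value = $value }
        }
    }
}

# 1. Snapshot the values as they are right now.
$before = @{}
Get-SmbSigningState | ForEach-Object { $before[$_.Setting] = $_.Value }

# 2. Save the Resultant Set of Policy for the computer (lists the winning GPOs).
& gpresult.exe /SCOPE COMPUTER /H "$outDir\rsop.html" /F

# 3. Force a computer policy refresh. The piped 'n' declines a restart prompt
#    if one appears, so the script does not hang or reboot the server.
'n' | & gpupdate.exe /target:computer /force | Out-Null

# 4. Read the values again and report anything the refresh changed.
$changed = 0
foreach ($s in (Get-SmbSigningState)) {
    $old = "$($before[$s.Setting])"
    $new = "$($s.Value)"
    if ($old -ne $new) {
        $changed++
        Write-Output ("CHANGED  {0}: {1} -> {2}" -f $s.Setting, $old, $new)
    } else {
        Write-Output ("same     {0}: {1}" -f $s.Setting, $new)
    }
}
if ($changed -gt 0) {
    Write-Output "Policy refresh rewrote $changed value(s); see $outDir\rsop.html"
} else {
    Write-Output "Policy refresh changed nothing; look at other software on the host."
}
```

Set the value to 0 by hand before running it. If step 4 reports a change, the "Microsoft network client/server: Digitally sign communications (always)" entries in rsop.html show which GPO applied it.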