none
GPO Setting Not Applying

    Question

  • We have a GPO setting to enable this SMB signing security setting on all of our servers:

    https://technet.microsoft.com/en-us/library/cc731957(v=ws.11).aspx

    However, this setting isn't applying. I'm familiar with GPO troubleshooting, so I've done all of the following.

    - Did a Group Policy Results wizard through GPMC, which says that it's applying the setting.

    - I've run gpresults locally, which says that the setting is applying.

                GPO: <OUR GPO>
                    Policy:            @wsecedit.dll,-59043
                    ValueName:         MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
                    Computer Setting:  1


    However, if I view that registry key, the value is zero, and therefore, these servers are failing the SMB signing requirement of our internal security scans. I'm not sure where to go next. Thoughts?


    Wednesday, March 29, 2017 4:40 PM

Answers

  • Hi,
    Have you tried to reboot the client and see the result from registry editor?
    In addition, as we know the registry corresponding to the policy, you could have a try to deploy this registry via group policy preference and see if it works:
    Configure a Registry Item https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by ChGPe Thursday, March 30, 2017 1:36 PM
    Thursday, March 30, 2017 5:55 AM
    Moderator

All replies

  • Hi,
    Have you tried to reboot the client and see the result from registry editor?
    In addition, as we know the registry corresponding to the policy, you could have a try to deploy this registry via group policy preference and see if it works:
    Configure a Registry Item https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by ChGPe Thursday, March 30, 2017 1:36 PM
    Thursday, March 30, 2017 5:55 AM
    Moderator
  • Thanks for the response. I was considering the preference item as well, but wanted to determine why the security setting wasn't applying all the same. It turns out, someone here did set the preference item, but they set the value to zero (*sigh*). So the two settings were in conflict, and the preference item won out.
    Thursday, March 30, 2017 1:36 PM
  • Hi,
    Great to hear that the root cause is found, and thank you for the feedback.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 31, 2017 1:28 AM
    Moderator