none
SCM - Windows 7 SP1 Computer Security Compliance RRS feed

  • Question

  • After applying the windows 7 default security Compliance policy, i am unable to mount any cifs shares.  What part of this policy would not allow this?  My error message is when I go to put a user and password in and it will not authenticate my users anymore.  I remove the policy and it works again.  Any ideas?


    Eric

    Tuesday, May 22, 2012 9:14 PM

Answers

  • Eric;

    You read through the guidance and examined the settings in our baseline before deploying them, right? You have to invest the time in order to be able to effectively deploy our security guidance while minimizing problems such as what you describe. in this case, its probably the setting called "Microsoft network client: Digitally sign communications (always)" That setting is located in the group policy editor at:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options 

    The best way to resolve this issue is to enable the digital signing of communications on all of your file servers. If you're using non-Microsoft technologies like NetApp or SAMBA recent versions of those products also support digital signing, you need to upgrade to the latest version and make sure you enable signing.

    Another setting that may be involved affects NTLM authentication level, its in the same location in group policy and its called "Network security: LAN Manager authentication level" You need to make sure that all of the Windows computers on your network are configured in a compatible way. Read the information in SCM for the setting to see what I mean.


    Kurt Dillard http://www.kurtdillard.com

    Wednesday, May 23, 2012 5:20 PM
    Moderator