Making some changes in domain controller security policy

hey!

I want to change a policy in domain controller security policy, I want to disable "Microsoft network server: digitally sign communications (always)." What can be affected by this change?
In detail i need to do the following->
your server is also a Domain Controller. In which case you need to open the DC's Security Policy (Administrative Tools > Domain Controller Security Policy). Navigate to Local Policies > Secuiry Options, and disable "Microsoft network server: Digitally sign communications (always)" & "Microsoft network server: Digitally sign communications (if client agrees)". Reboot your sever, and you should be good to go.

The reason i am doing this is because i am not able to access shared folders in my mac client that is on a windows server 2003 domain. If there is any other method or else if there is any issue in changing the above settings please let me know.

Thanks,

Salman

LVL 1
KidsTrainingTeamAsked:
Who is Participating?
 
TheCleanerConnect With a Mentor Commented:
BTW from that kb article:

The following clients are incompatible with the Microsoft network server: Digitally sign communications (always) setting: • Apple Computer, Inc., Mac OS X clients
• Microsoft MS-DOS network clients (for example, Microsoft LAN Manager)
• Microsoft Windows for Workgroups clients
• Microsoft Windows 95 clients without the DS Client installed
• Microsoft Windows NT 4.0-based computers without SP3 or later installed
• Novell Netware 6 CIFS clients
• SAMBA SMB clients that lack support for SMB signing

So yes, you are right on track if you want to go that route.
0
 
TheCleanerCommented:
Check out this very informative article about that setting and others:

http://support.microsoft.com/kb/823659

And for Mac clients to reach a 2003 file server, I highly recommend ADmitMAC  www.admitmac.com

0
 
mcsweenSr. Network AdministratorCommented:
I'm with TheCleaner, you should look into AdmitMAC.

You can make that same change in the LOCAL Security Policy on your File Share Server (start, run, secpol.msc)  This way it will only get changed for that server instead of every server in the domain.

FYI - I have those settings disabled on a W2k3 and W2k3-R2 file share server in my Domain and I have not noticed any adverse affects.  I had to disable it because I was using a DNS alias to access my file share server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.