• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

Making some changes in domain controller security policy

hey!

I want to change a policy in domain controller security policy, I want to disable "Microsoft network server: digitally sign communications (always)." What can be affected by this change?
In detail i need to do the following->
your server is also a Domain Controller. In which case you need to open the DC's Security Policy (Administrative Tools > Domain Controller Security Policy). Navigate to Local Policies > Secuiry Options, and disable "Microsoft network server: Digitally sign communications (always)" & "Microsoft network server: Digitally sign communications (if client agrees)". Reboot your sever, and you should be good to go.

The reason i am doing this is because i am not able to access shared folders in my mac client that is on a windows server 2003 domain. If there is any other method or else if there is any issue in changing the above settings please let me know.

Thanks,

Salman

0
KidsTrainingTeam
Asked:
KidsTrainingTeam
  • 2
1 Solution
 
TheCleanerCommented:
Check out this very informative article about that setting and others:

http://support.microsoft.com/kb/823659

And for Mac clients to reach a 2003 file server, I highly recommend ADmitMAC  www.admitmac.com

0
 
TheCleanerCommented:
BTW from that kb article:

The following clients are incompatible with the Microsoft network server: Digitally sign communications (always) setting: • Apple Computer, Inc., Mac OS X clients
• Microsoft MS-DOS network clients (for example, Microsoft LAN Manager)
• Microsoft Windows for Workgroups clients
• Microsoft Windows 95 clients without the DS Client installed
• Microsoft Windows NT 4.0-based computers without SP3 or later installed
• Novell Netware 6 CIFS clients
• SAMBA SMB clients that lack support for SMB signing

So yes, you are right on track if you want to go that route.
0
 
mcsweenSr. Network AdministratorCommented:
I'm with TheCleaner, you should look into AdmitMAC.

You can make that same change in the LOCAL Security Policy on your File Share Server (start, run, secpol.msc)  This way it will only get changed for that server instead of every server in the domain.

FYI - I have those settings disabled on a W2k3 and W2k3-R2 file share server in my Domain and I have not noticed any adverse affects.  I had to disable it because I was using a DNS alias to access my file share server.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now