?
Solved

Registry settings are changing

Posted on 2009-04-03
5
Medium Priority
?
244 Views
Last Modified: 2012-05-06
Customer is running av Win 2003 server as domain controller in a small LAN (less than 10 users). Recently they installed a multi-function printer and attached it to the LAN. This unit is configured to scan to a specified folder on the server.

In order for this to work, the printer supplier defined two registry settings on the server:
HKLM/System/CurrentControlSet/Services/lanmanserver/requiresecuritysignature value = 0
and
HKLM/System/CurrentControlSet/Services/lanmanserver/enablesecurityseignature value = 0

These settings seems to work for a short time, but then they are reset or changed to a value of 1 (which causes the scanner to stop working).

I'm not sure what these settings are doing, but suspect that they're used to get access to the server (without defining a specific user/password). Questions are then: What is causing these settings to change?.  Any ideas how to make this work better?

-Olaf-

0
Comment
Question by:Olaf Berli
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058038
Group Policy is altering your settings

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network client: Digitally sign communications (if server agrees)
&
Microsoft network client: Digitally sign communications (always)

Change them to disabled.  Run GPMC and see which GP is the culprit and change them over
0
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058051
Sorry that should be

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network server: Digitally sign communications (if server agrees)
&
Microsoft network server: Digitally sign communications (always
0
 

Author Comment

by:Olaf Berli
ID: 24070848
Thanks for the feedback.
I logged on to the server(via mstsc /console), ran mmc and found those settings - both enabled. Couldn't change them, because they were greyed out. Any ideas how to get around this?

I'm not very familiar with AD administration. What is GPMC?  Any details about "see which GP is the culprit and change them over"....?

-Olaf-
0
 
LVL 6

Accepted Solution

by:
matt_beatt earned 2000 total points
ID: 24071332
GPMC = Group Policy Management Console

Try logging onto your DC and from run type gpmc.msc - if it doesnt run, download it from download.microsoft.com

In your scenario, what you want to do is edit the Default Domain Controller Policy, in that policy you should find the options mentioned above enabled as they are by default on DC's - change to disabled.

Then on your machine Run > gpupdate /force and then reboot

Should solve the problem - if not let me know as your GP's will be slightly more complex than my assumptions
0
 

Author Closing Comment

by:Olaf Berli
ID: 31566139
Customer reported back today that the problem seems to be solved. Registry settings stayed also after a server reboot. Thanks!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question