Solved

Registry settings are changing

Posted on 2009-04-03
5
236 Views
Last Modified: 2012-05-06
Customer is running av Win 2003 server as domain controller in a small LAN (less than 10 users). Recently they installed a multi-function printer and attached it to the LAN. This unit is configured to scan to a specified folder on the server.

In order for this to work, the printer supplier defined two registry settings on the server:
HKLM/System/CurrentControlSet/Services/lanmanserver/requiresecuritysignature value = 0
and
HKLM/System/CurrentControlSet/Services/lanmanserver/enablesecurityseignature value = 0

These settings seems to work for a short time, but then they are reset or changed to a value of 1 (which causes the scanner to stop working).

I'm not sure what these settings are doing, but suspect that they're used to get access to the server (without defining a specific user/password). Questions are then: What is causing these settings to change?.  Any ideas how to make this work better?

-Olaf-

0
Comment
Question by:Olaf Berli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058038
Group Policy is altering your settings

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network client: Digitally sign communications (if server agrees)
&
Microsoft network client: Digitally sign communications (always)

Change them to disabled.  Run GPMC and see which GP is the culprit and change them over
0
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058051
Sorry that should be

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network server: Digitally sign communications (if server agrees)
&
Microsoft network server: Digitally sign communications (always
0
 

Author Comment

by:Olaf Berli
ID: 24070848
Thanks for the feedback.
I logged on to the server(via mstsc /console), ran mmc and found those settings - both enabled. Couldn't change them, because they were greyed out. Any ideas how to get around this?

I'm not very familiar with AD administration. What is GPMC?  Any details about "see which GP is the culprit and change them over"....?

-Olaf-
0
 
LVL 6

Accepted Solution

by:
matt_beatt earned 500 total points
ID: 24071332
GPMC = Group Policy Management Console

Try logging onto your DC and from run type gpmc.msc - if it doesnt run, download it from download.microsoft.com

In your scenario, what you want to do is edit the Default Domain Controller Policy, in that policy you should find the options mentioned above enabled as they are by default on DC's - change to disabled.

Then on your machine Run > gpupdate /force and then reboot

Should solve the problem - if not let me know as your GP's will be slightly more complex than my assumptions
0
 

Author Closing Comment

by:Olaf Berli
ID: 31566139
Customer reported back today that the problem seems to be solved. Registry settings stayed also after a server reboot. Thanks!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Bizarre hard disk problem 15 140
DHCP lease duration / Migration 8 106
Domain Controller/ Old server 9 70
Windows Server 2003 error 0x80070002 log in 9 59
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question