Registry settings are changing

Customer is running av Win 2003 server as domain controller in a small LAN (less than 10 users). Recently they installed a multi-function printer and attached it to the LAN. This unit is configured to scan to a specified folder on the server.

In order for this to work, the printer supplier defined two registry settings on the server:
HKLM/System/CurrentControlSet/Services/lanmanserver/requiresecuritysignature value = 0
and
HKLM/System/CurrentControlSet/Services/lanmanserver/enablesecurityseignature value = 0

These settings seems to work for a short time, but then they are reset or changed to a value of 1 (which causes the scanner to stop working).

I'm not sure what these settings are doing, but suspect that they're used to get access to the server (without defining a specific user/password). Questions are then: What is causing these settings to change?.  Any ideas how to make this work better?

-Olaf-

Olaf BerliAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
matt_beattConnect With a Mentor Commented:
GPMC = Group Policy Management Console

Try logging onto your DC and from run type gpmc.msc - if it doesnt run, download it from download.microsoft.com

In your scenario, what you want to do is edit the Default Domain Controller Policy, in that policy you should find the options mentioned above enabled as they are by default on DC's - change to disabled.

Then on your machine Run > gpupdate /force and then reboot

Should solve the problem - if not let me know as your GP's will be slightly more complex than my assumptions
0
 
matt_beattCommented:
Group Policy is altering your settings

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network client: Digitally sign communications (if server agrees)
&
Microsoft network client: Digitally sign communications (always)

Change them to disabled.  Run GPMC and see which GP is the culprit and change them over
0
 
matt_beattCommented:
Sorry that should be

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network server: Digitally sign communications (if server agrees)
&
Microsoft network server: Digitally sign communications (always
0
 
Olaf BerliAuthor Commented:
Thanks for the feedback.
I logged on to the server(via mstsc /console), ran mmc and found those settings - both enabled. Couldn't change them, because they were greyed out. Any ideas how to get around this?

I'm not very familiar with AD administration. What is GPMC?  Any details about "see which GP is the culprit and change them over"....?

-Olaf-
0
 
Olaf BerliAuthor Commented:
Customer reported back today that the problem seems to be solved. Registry settings stayed also after a server reboot. Thanks!
0
All Courses

From novice to tech pro — start learning today.