Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Registry settings are changing

Posted on 2009-04-03
5
Medium Priority
?
242 Views
Last Modified: 2012-05-06
Customer is running av Win 2003 server as domain controller in a small LAN (less than 10 users). Recently they installed a multi-function printer and attached it to the LAN. This unit is configured to scan to a specified folder on the server.

In order for this to work, the printer supplier defined two registry settings on the server:
HKLM/System/CurrentControlSet/Services/lanmanserver/requiresecuritysignature value = 0
and
HKLM/System/CurrentControlSet/Services/lanmanserver/enablesecurityseignature value = 0

These settings seems to work for a short time, but then they are reset or changed to a value of 1 (which causes the scanner to stop working).

I'm not sure what these settings are doing, but suspect that they're used to get access to the server (without defining a specific user/password). Questions are then: What is causing these settings to change?.  Any ideas how to make this work better?

-Olaf-

0
Comment
Question by:Olaf Berli
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058038
Group Policy is altering your settings

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network client: Digitally sign communications (if server agrees)
&
Microsoft network client: Digitally sign communications (always)

Change them to disabled.  Run GPMC and see which GP is the culprit and change them over
0
 
LVL 6

Expert Comment

by:matt_beatt
ID: 24058051
Sorry that should be

Computer Settings > Windows Settings > Local Policies > Security Options

Microsoft network server: Digitally sign communications (if server agrees)
&
Microsoft network server: Digitally sign communications (always
0
 

Author Comment

by:Olaf Berli
ID: 24070848
Thanks for the feedback.
I logged on to the server(via mstsc /console), ran mmc and found those settings - both enabled. Couldn't change them, because they were greyed out. Any ideas how to get around this?

I'm not very familiar with AD administration. What is GPMC?  Any details about "see which GP is the culprit and change them over"....?

-Olaf-
0
 
LVL 6

Accepted Solution

by:
matt_beatt earned 2000 total points
ID: 24071332
GPMC = Group Policy Management Console

Try logging onto your DC and from run type gpmc.msc - if it doesnt run, download it from download.microsoft.com

In your scenario, what you want to do is edit the Default Domain Controller Policy, in that policy you should find the options mentioned above enabled as they are by default on DC's - change to disabled.

Then on your machine Run > gpupdate /force and then reboot

Should solve the problem - if not let me know as your GP's will be slightly more complex than my assumptions
0
 

Author Closing Comment

by:Olaf Berli
ID: 31566139
Customer reported back today that the problem seems to be solved. Registry settings stayed also after a server reboot. Thanks!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question