Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183
  • Last Modified:

How to enable SMB signing, syn-ack on windows 2008 domain controller

Dear Support team,


Please advice, how we can implement below mentioned on windows 2008 domain controller

 
 
 How to enable

SMB Weaknesses
The SMB signing is disabled on the target systems.  
________________________

How we can set syn-ack

SYN-ACK retransmissions time limit has not been set;
'Turn off Untrusted Content' is not enabled;
________________________________________
 How to and which to services need to be stop

Active Processes
Multiple active processes are running on the system in-scope as listed in Appendix 2.
0
tabreed
Asked:
tabreed
  • 2
2 Solutions
 
David Johnson, CD, MVPOwnerCommented:
Defaults
Enabled by default on DC's, Disabled on Member Servers

Administrative Tools|Local Security Policy.
Local Policies  | Security Options | Microsoft Network Server
Digitally sign communications (always) properties set to enabled

you can also use group policy (the drawback is a 15% network overhead)
0
 
tabreedAuthor Commented:
Thanks for your response, but in my DC it is disable. If I enable SMB is there will be any issues and can I enable on other servers like web server ERP server please advice

Thanks
0
 
David Johnson, CD, MVPOwnerCommented:
signing of packets will incur about a 15% overhead, if you need this to comply with an audit then that is what you need to do.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now