Solved

How to enable SMB signing Windows 2008/Windows 7

Posted on 2014-10-07
Last Modified: 2014-10-27
We have had an audit and the auditors have recommended enabling SMB signing on the network. How is this done, and should it be done? We have a Windows 2008 DC and a 2008 application server; all PCs are Windows 7 Pro.
Question by:350ztn

Accepted Solution

by: Mohammed Khawaja (earned 500 total points)
ID: 40367325
SMB signing is used to ensure SMB packets are not modified during transit (i.e. man-in-the-middle attack). By default, all Windows servers, clients and DCs support SMB signing, but it is not enabled. A client will not be able to establish a session with a server that has SMB signing enabled until the client agrees to sign SMBs. SMB signing could result in up to 15% or higher performance degradation as there is overhead with SMB signing. SMB signing can be enabled either via GPO or registry, and you could reference the link below:

http://support.microsoft.com/kb/916846

I do not recommend SMB signing unless it is a must or you believe there is a possibility of a man-in-the-middle attack in your environment.

Author Comment

by:350ztn
ID: 40368993
I completely agree and have informed management of the performance issue; they want to enable it to see if the performance loss is noted. So I guess I must move forward with the group policy changes on server and client side. Thank you for the link. It looks like the bottom of that link is where I need to focus for the group policy changes.
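The registry route mentioned in the accepted answer, as an added example that is not part of the original thread: a PowerShell 2.0-compatible script that reports the SMB signing values for the Server and Workstation services on a machine and can set them to required. The function and variable names are hypothetical; the registry values are the ones behind the "Digitally sign communications" security policy settings.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible; run elevated to write.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SmbRoles = @{
    Server = "$svc\LanmanServer\Parameters"        # policy: "Microsoft network server: ..."
    Client = "$svc\LanmanWorkstation\Parameters"   # policy: "Microsoft network client: ..."
}
$SmbValues = 'EnableSecuritySignature', 'RequireSecuritySignature'

# Hypothetical helper: report the raw values and what they mean for each role.
function Get-SmbSigningState {
    foreach ($role in $SmbRoles.Keys) {
        $p = Get-ItemProperty -Path $SmbRoles[$role] -ErrorAction SilentlyContinue
        $enable  = $p.EnableSecuritySignature    # $null when the value is not set
        $require = $p.RequireSecuritySignature
        if ($require -eq 1)    { $state = 'Signing required' }
        elseif ($enable -eq 1) { $state = 'Signing offered, not required' }
        else                   { $state = 'Signing not required' }
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME; Role = $role
            Enable = $enable; Require = $require; State = $state
        } | Select-Object Computer, Role, Enable, Require, State
    }
}

# Hypothetical helper: set both values to 1 for both roles.
# Dry run unless -Apply is given, so the change can be reviewed first.
function Set-SmbSigningRequired {
    param([switch]$Apply)
    foreach ($role in $SmbRoles.Keys) {
        foreach ($name in $SmbValues) {
            New-ItemProperty -Path $SmbRoles[$role] -Name $name -Value 1 `
                -PropertyType DWord -Force -WhatIf:(-not $Apply) | Out-Null
        }
    }
    Get-SmbSigningState
}

# Audit only: show the current state of this machine.
Get-SmbSigningState | Format-Table -AutoSize
```

A domain Group Policy that configures the "Digitally sign communications" settings overwrites these local values at the next policy refresh, so use the script for auditing or a pilot machine and make the lasting change in the GPO.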
