Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 14197
  • Last Modified:

How to enable SMB signing Windows 2008/Windows 7

We have had an audit and the auditors have recommended enabling SMB signing on the network. How is this done, and should it be done? We have a windows 2008 DC and 2008 application server, all PC's are Windows 7 Pro.
0
350ztn
Asked:
350ztn
1 Solution
 
Mohammed KhawajaCommented:
SMB signing is used to ensure SMB packets are not modified during transit (i.e. man in the middle attack).  By default all Windows server, clients and DCs support SMB signing but is not enabled.  A client will not be able to establish a session with a server that has SMB signing enabled until client agrees to sign SMBs.  SMB signing could result in up to 15% or higher performance degradation as there is overhead with SMB signing.  SMB signing can be enabled either via GPO or registry and you could reference link below:

http://support.microsoft.com/kb/916846

I do not recommend SMB signing unless it is a must or you believe there is a possibility of man in the middle attack in your environment.
0
 
350ztnAuthor Commented:
I completely agree and have informed management of the performance issue, they want to enable it to see if the performance loss is noted. So I guess I must move forward with the group policy changes on server and client side. thank you for the link. It looks like at the bottom of that link is where I need to focus, for the group policy changes.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now