SMB Signing Disabled

Beatriz Simiao 0 Reputation points
2024-03-13T13:24:19.1333333+00:00

I have a Windows Server 2019 Standard machine where I am trying to fix the "SMB Signing Disabled or SMB Signing Not Required" vulnerability, but I change the keys below to 1:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters

Registry value: RequireSecuritySignature and EnableSecuritySignature

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

Registry value: RequireSecuritySignature and EnableSecuritySignature

and when I return to validate, the value is 0 again.

https://learn.microsoft.com/en-us/archive/blogs/josebda/the-basics-of-smb-signing-covering-both-smb1-and-smb2


3 answers

  1. Anonymous
    2024-03-14T02:25:22.28+00:00

    Hello,

    Kindly review the following paragraph extracted from The Basics of SMB Signing (covering both SMB1 and SMB2):

    If you decide that you must change the SMB signing settings, the recommendation is to use the “Digitally sign communications (always)” Group Policy setting. If you cannot do it via Group Policy, you could use the “RequireSecuritySignature” registry setting.

    IMPORTANT: We no longer recommend using “Digitally sign communications (if client agrees)” or “Digitally sign communications (if server agrees)” Group Policy settings. We also no longer recommend using the “EnableSecuritySignature” registry settings. These options, which only affect the SMB1 behavior, can be effectively replaced by the “Digitally sign communications (always)” Group Policy setting or the “RequireSecuritySignature” registry setting.


    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Beatriz Simiao 0 Reputation points
    2024-03-14T18:37:59.5466667+00:00

    Thanks for the feedback!

    We are changing exactly this key, HKLM\System\CurrentControlSet\Services\LanManWorkstation\Parameters requiresecuritysignature, to the value 1, but after some time it returns to the value 0 on its own.


  3. Beatriz Simiao 0 Reputation points
    2024-03-22T22:31:43.2733333+00:00

    We have policies applied by GPO on the servers, but none of them force the value of this key to change.

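One way to compare the registry values named in the question with the signing settings the SMB client and server report, and to capture the resultant computer policy for review. This is an added example, not part of the original thread or the quoted article; it assumes an elevated PowerShell session on the server, and the report path is a placeholder.

```powershell
# Added example: read-only audit of SMB signing settings on the local machine.
# Registry paths and value names are the ones quoted in the thread.
# Run from an elevated PowerShell session.
$names = 'RequireSecuritySignature', 'EnableSecuritySignature'
$roles = [ordered]@{
    LanManWorkstation = Get-SmbClientConfiguration   # SMB client side
    LanManServer      = Get-SmbServerConfiguration   # SMB server side
}

$audit = foreach ($svc in $roles.Keys) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $names) {
        # A value that does not exist under the key comes back as $null
        $raw = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            Service   = $svc
            Setting   = $name
            Registry  = if ($null -eq $raw) { '<not set>' } else { $raw }
            Effective = $roles[$svc].$name
        }
    }
}
$audit | Format-Table -AutoSize

# Flag the condition the scanner reports: signing not required.
$audit |
    Where-Object { $_.Setting -eq 'RequireSecuritySignature' -and -not $_.Effective } |
    ForEach-Object { Write-Warning "$($_.Service): SMB signing is not required" }

# Resultant computer policy, to see whether a GPO delivers one of the
# "Digitally sign communications (always)" settings and which GPO wins.
$report = Join-Path $env:TEMP 'smb-signing-rsop.html'   # placeholder path
gpresult /scope computer /h $report /f
Write-Host "Review the Security Options section of $report"
```

Running the audit right after setting the value and again once it has changed back shows whether the registry data and the effective setting move together.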
