Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

W2k3 Server and IBM AS400

2 views

Skip to first unread message

Eb

unread,

Oct 6, 2005, 9:19:32 AM10/6/05

We added a Windows 2003 Server to our network.

In order for our AS400 to communicate with the W2k3 server
we had to change 2 registry values related to SMB Signing.

However each morning when we come in the registry values have reset
themselves.

We are signing on as Administrator chaging the registry values and
rebooting the Server. But the next morning the values have reset
themselves.

Being a novice with W2k3 Server is there something you have to do to
make registry changes permanent?

Al Mulnick

unread,

Oct 6, 2005, 11:10:10 AM10/6/05

Group policy settings are overriding most likely. You need to make your
changes in the group policy regarding the signing of SMB conversations vs.
in the registry. From
http://support.microsoft.com/default.aspx?scid=kb;en-us;839499 :

...configure the SMB signing policy settings. To do this, follow these
steps: a. Click Start, point to Programs, point to Administrative Tools,
and then click Domain Controller Security Policy.
b. In the left pane, expand Local Policies, and then click Security
Options.
c. In the right pane, double-click Microsoft network server:
Digitally sign communications (always).

Note In Windows 2000 Server, the equivalent policy setting is
Digitally sign server communication (always).

Important If you have client computers on the network that do not
support SMB signing, you must not enable the Microsoft network server:
Digitally sign communications (always) policy setting. If you enable this
setting, you require SMB signing for all client communication, and client
computers that do not support SMB signing will not be able to connect to
other computers. For example, clients that are running Apple Macintosh OS X
or Microsoft Windows 95 do not support SMB signing. If your network includes
clients that do not support SMB signing, set this policy to disabled.

d. Click to select the Define this policy setting check box, click
Enabled, and then click OK.
e. Double-click Microsoft network server: Digitally sign
communications (if client agrees).

Note For Windows 2000 Server, the equivalent policy setting is
Digitally sign server communication (when possible).
f. Click to select the Define this policy setting check box, and then
click Enabled.
g. Click OK.
h. Double-click Microsoft network client: Digitally sign
communications (always).
i. Click to clear the Define this policy setting check box, and then
click OK.
j. Double-click Microsoft network client: Digitally sign
communications (if server agrees).
k. Click to clear the Define this policy setting check box, and then
click OK.

"Eb" <emc...@yahoo.com> wrote in message
news:hp8ak1d2la47o9467...@4ax.com...

Eb

unread,

Oct 11, 2005, 10:10:01 AM10/11/05

The microsoft link got us working.... Thanks...

0 new messages