Hi All,
We have had arrival of new scanner/printer/copier in office. It uses SMB to
scan files to shared folders on our W2003 network. In order for it to work
however, I have had to do the following;
1. From Administrative Tools open Domain Controller Security Policy 2. Smile
3. Select \Security Settings\Local Policies\Security Options folder. 4. In
the details pane, double-click Microsoft network server: Digitally sign
communications (always), and then click Disabled to prevent SMB packet
signing from being required. 5. Click OK. 6. In the details pane,
double-click Domain member: Digitally encrypt or sign secure channel data
(always), and then click Disabled to prevent secure channel signing from
being required. 7. Click OK.
Before that, the scan would fail to be sent to the server in question.
What are the implications of this--given that we do not ostensibly use SMB
for anything else.
I've heard scare stories of SMB man in the middle attacks and was under the
impression that this is what these specific security settings were
pertaining to but am not sure.
There are other options for the scanning ie ftp/email but neither would work
as we cannot get approval for cost of ftp server nor can the email system
take the file sizes that are often req'd by scans our users make.
I can see there will be advice against having shared user folders etc on
DC's too but the big boss wants more from less if you see what I mean.
Kind Regards
Murad Talukdar
---------------------------------------------------------------------------
---------------------------------------------------------------------------
