From: SMTP%"everhart@mail09.mitre.org" 22-JAN-1998 17:25:02.09 To: everhart@gce.com (everhart@gce.com) CC: Subj: FWD: RE: [NTSEC] Authentification, WinNT, Win95 --===_tgate3_44784_96625919_=== Content-Type: text/plain; charset="us-ascii" ----- Forwarded message follows ----- Delivered-To: nt-out-link@iss.net Delivered-To: nt-out@iss.net From: "Espinola, Micheal" To: 'Mlynka Richard' cc: "'ntsecurity@iss.net'" Subject: RE: [NTSEC] Authentification, WinNT, Win95 Date: Wed, 21 Jan 98 16:59:50 -0500 X-Priority: 3 Precedence: bulk Reply-To: "Espinola, Micheal" X-Loop: ntsecurity X-Comment: TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net X-Comment: DO NOT send subscribe/unsubscribe messages to ntsecurity@iss.net TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! --------------------------------------------------------------------------- If what I think I understand you are saying, then the answer is yes. To incorporating message signing into SMB packets which are verified by both server and client ends, there are registry key settings to enable SMB signatures on each side. To ensure that SMB server responds to clients with message signing only, configure the following key value: Server Setting Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parame ters Key: RequireSecuritySignature Type: REG_DWORD Value: 1 (1=enable, 0=disable) Client Setting Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters Key: RequireSecuritySignature Type: REG_DWORD Value: 1 (1=enable, 0=disable) Setting this value ensures that the Server communicates with only those clients that are aware of message signing. Note that this means that installations that have multiple versions of client software, older versions will fail to connect to servers that have this key value configured. Similarly, security conscious clients can also decide to communicate with servers that support message signing and no one else. ** Note that setting this key value implies that the client will not be able to connect to servers which do not have message signing support. ** Also Note: that Legacy Windows 3.x machines will not be able to authenticate in this manner. Please refer to Knowledge Base article Q161372 for further details on SMB message signing enhancements. Micheal ---------------------------------------- Micheal Espinola Jr NT Network Administrator RATIONAL SOFTWARE CORPORATION One Burlington Woods Burlington, MA 01803 email : mespinola@rational.com www : http://www.rational.com -----Original Message----- From: Mlynka Richard [SMTP:mlynka@ditec.sk] Sent: Wednesday, January 21, 1998 3:08 PM To: 'ntsecurity@iss.net' Subject: [NTSEC] Authentification, WinNT, Win95 Importance: High TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! ------------------------------------------------------------------------ --- Hello, is it possible to have NT server, which authentificates Windows 95 clients accessing it from LAN with custom authentification mechanism and making all normal Windows clients not able to authentificate usual way? Please tell me why yes or no. Thanks Richard Mlynka mailto:mlynka@ditec.sk voice: +421 7 5044448 fax: +421 7 5044691 ----- End of forwarded message ----- --===_tgate3_44784_96625919_===-- ================== RFC 822 Headers ================== Return-Path: everhart@mail09.mitre.org Received: by norlmn.gce.com (UCX X4.2-14, OpenVMS E7.1-1H1 Alpha); Thu, 22 Jan 1998 17:16:27 -0500 Received: from mbunix.mitre.org (mbunix.mitre.org [129.83.20.100]) by mercury.mv.net (8.8.8/mem-971025) with ESMTP id IAA26145 for ; Thu, 22 Jan 1998 08:28:22 -0500 (EST) Received: from TGATE3 (tgate3.mitre.org [129.83.20.27]) by mbunix.mitre.org (8.8.8/8.8.8/mitre.0) with ESMTP id IAA03779 for ; Thu, 22 Jan 1998 08:32:00 -0500 (EST) Received: from mail09.mitre.org (unverified [129.83.20.43]) by tgate3.mitre.org (EMWAC SMTPRS 0.83) with SMTP id ; Thu, 22 Jan 1998 08:31:59 -0500 Received: by mail09.mitre.org; (5.65v3.2/1.1.8.2/22Jun94-0628PM) id AA16526; Thu, 22 Jan 1998 08:31:55 -0500 Subject: FWD: RE: [NTSEC] Authentification, WinNT, Win95 From: everhart@mail09.mitre.org (Glenn C. Everhart) To: everhart@gce.com (everhart@gce.com) Message-Id: <980122083154.31233@mail09.mitre.org.0> Date: Thu, 22 Jan 98 08:31:54 -0500 X-Mailer: MailWorks 2.0-4 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===_tgate3_44784_96625919_==="