Hi Jim, Please take a look at this article, it was sent to me by Ben Smith. http://support.microsoft.com/default.aspx?scid=kb;en-us;887429
" Although Microsoft does not recommend it, you can prevent SMB signing from being required on all domain controllers that run Windows Server 2003 in a domain. To configure this security setting, follow these steps: 1. Open the Default Domain Controllers Policy. 2. Open the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder. 3. Locate the Microsoft network server: Digitally sign communications (always) policy setting, and then click Disabled or Do Not Configure. " Hope this helps! Ben Smith Senior Security Strategist Microsoft Corporation --------------------------- Regards, Jose Medeiros ------------------------------------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Becker, Jim Sent: Wednesday, May 11, 2005 12:59 PM To: [email protected] Subject: [ActiveDir] LAN Manager Authentication Level setting I'm having a difficult time determining whether, and to what, I should change the LAN Manager Authentication Level. Can someone either describe, or point me to some well-written essay, on the details of how to determine when it's appropriate to change the setting? What do you need to be aware of in your environment both from workstation and server persepctives? What computer relationships (workstation to server, dial-in client to server, VPN connections, etc) contribute to this determination? Is this setting something that's implemented in more than one place? Where? I'm just blocked about this and need a wedge (no, not sledge) to loosen my understanding of it. Thanks, Jim Becker Asst. Dir. of Administrative Systems State University of New York System Administration [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
