- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- ProLiant Deployment and Provisioning
- >
- RDP and Windows 2003 SMB Signing
ProLiant Deployment and Provisioning
1820129
Members
3075
Online
109619
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-20-2004 10:57 PM
тАО10-20-2004 10:57 PM
RDP and Windows 2003 SMB Signing
I'm having problems running RDP within a Win2k3 enviroment as SMB signing is required for all communications within the domain. I've read a couple of docs within the Altiris support forum but the only answer is basically don't install RDP onto a Server or into a domain that require SMB signing. This is not really appropriate as my customer is not prepared to run without it, does anyone know have any other comments.
7 REPLIES 7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-22-2004 04:58 AM
тАО10-22-2004 04:58 AM
Re: RDP and Windows 2003 SMB Signing
Hi John,
Intereseting discussion. I've spent much time hardening our Windows 2003 systems and run into several problems with different applications. One of them is Altiris/RDP.
You are talking about the GPO-settings:
- Microsoft Network client: Digitally sign communications (always)
- Microsoft Network client: Digitally sign communications (if server agrees)
- Microsoft Network server: Digitally sign communications (always)
- Microsoft Network server: Digitally sign communications (if client agrees)
correct?
Are we also talking about applying those settings on the RDP-server and/or the Domain Controllers?
Intereseting discussion. I've spent much time hardening our Windows 2003 systems and run into several problems with different applications. One of them is Altiris/RDP.
You are talking about the GPO-settings:
- Microsoft Network client: Digitally sign communications (always)
- Microsoft Network client: Digitally sign communications (if server agrees)
- Microsoft Network server: Digitally sign communications (always)
- Microsoft Network server: Digitally sign communications (if client agrees)
correct?
Are we also talking about applying those settings on the RDP-server and/or the Domain Controllers?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-24-2004 11:22 PM
тАО10-24-2004 11:22 PM
Re: RDP and Windows 2003 SMB Signing
Thanks for the reply, I'm actually working with my customer on this problem so I've asked them to comment on your reply. They have responded with the following comments to your question.
Local Policies/Security Options
Domain Controller
Domain controller: LDAP server signing requirements None
Domain Member
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Microsoft Network Server
Microsoft network server: Digitally sign communications (always) Enabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Network Security
Network security: LAN Manager authentication level Send NTLM response only
We are working with the default policies that are installed with fresh builds of Windows Server 2003.
Local Policies/Security Options
Domain Controller
Domain controller: LDAP server signing requirements None
Domain Member
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Microsoft Network Server
Microsoft network server: Digitally sign communications (always) Enabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Network Security
Network security: LAN Manager authentication level Send NTLM response only
We are working with the default policies that are installed with fresh builds of Windows Server 2003.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2004 03:19 AM
тАО10-25-2004 03:19 AM
Re: RDP and Windows 2003 SMB Signing
Hi again,
I'm working with the exact same things so I definitly think we can exchange some thoughts.
Just to clarify. Have you set those policy settings on the Domain Controller only or also the RDP server? Or are you just PLANNING to enforce those security settings if it will work with RDP?
You can reply now if you can. I'll get back to you tomorrow with the exact policysettings we have in our domain.
I'm working with the exact same things so I definitly think we can exchange some thoughts.
Just to clarify. Have you set those policy settings on the Domain Controller only or also the RDP server? Or are you just PLANNING to enforce those security settings if it will work with RDP?
You can reply now if you can. I'll get back to you tomorrow with the exact policysettings we have in our domain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2004 01:35 PM
тАО11-16-2004 01:35 PM
Re: RDP and Windows 2003 SMB Signing
For the very reasons discussed, we do not allow Altiris to be loaded on any productional network. It does not provide adequate security. SMB signing, NTLMv2 and other settings all break their MS-DOS client.
I would suggest looking at the SMS 2003 OS deployment application (released this week), MS ADS, or other solutions.
I'm very disappointed that Altiris/HP don't take security seriously for OS deployment.
I would suggest looking at the SMS 2003 OS deployment application (released this week), MS ADS, or other solutions.
I'm very disappointed that Altiris/HP don't take security seriously for OS deployment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-19-2004 01:41 AM
тАО11-19-2004 01:41 AM
Re: RDP and Windows 2003 SMB Signing
Hi Derek!
Thanks for helping out! I'm also very dissappointed at HP for not taking this seariously. I understand this is not a HP-product but we're running another product from HP OpenView-family that fails when we det these settings and their only answer is: "We don't support that! And we're not planning to do anything about it! Sorry!".
Anyway, if you just tighten this setting on the DOMAIN CONTROLLER and not the actual RDP-server, does this work if you use a LOCAL user to connect to the share instead of a domain user? I have a hard time trying this at the moment since I'm attendning the MS ITForum.
But please let me know what you have tried and failed doing with Altiris.
Thanks for helping out! I'm also very dissappointed at HP for not taking this seariously. I understand this is not a HP-product but we're running another product from HP OpenView-family that fails when we det these settings and their only answer is: "We don't support that! And we're not planning to do anything about it! Sorry!".
Anyway, if you just tighten this setting on the DOMAIN CONTROLLER and not the actual RDP-server, does this work if you use a LOCAL user to connect to the share instead of a domain user? I have a hard time trying this at the moment since I'm attendning the MS ITForum.
But please let me know what you have tried and failed doing with Altiris.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-20-2004 02:58 AM
тАО11-20-2004 02:58 AM
Re: RDP and Windows 2003 SMB Signing
It does seem to work if you use a local account on the RDP server, don't force NTLMv2 and SMB signing. You are also limited to 8 character usernames and passwords.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2004 05:49 AM
тАО12-15-2004 05:49 AM
Re: RDP and Windows 2003 SMB Signing
Hi Derek an John,
I also am dissapointed about this. I just posted on the Altiris forum to get some attention about the matter. Would be nice to see if someone else thinks like me.
Please feel free to also post an reply so I'm not the only one who wants this in future releases :)
http://www.altiris.com/support/forum/tm.asp?m=343224&appid=&p=1&mpage=1&key=&language=&tmode=1&s=#343224
I also am dissapointed about this. I just posted on the Altiris forum to get some attention about the matter. Would be nice to see if someone else thinks like me.
Please feel free to also post an reply so I'm not the only one who wants this in future releases :)
http://www.altiris.com/support/forum/tm.asp?m=343224&appid=&p=1&mpage=1&key=&language=&tmode=1&s=#343224
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP