Force SMB signing on KACE K1000 Express
I recently set up the K1000 Express appliance in our environment and ran into an Agent deployment issue. Provisioning would fail with the error "NETWORK/CreateProcessAsUser" because the client could not access the K1000\client share. Clients couldn't access the share because our domain SMB client settings require all communications to be digitally signed.
As a workaround I've been remotely connecting to each computer's registry, changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\"RequireSecuritySignature" from "1" to "0", provisioning the KACE agent to that computer, then remotely connecting back to the registry to change that value back to "1".
Is there any way to enable SMB signing through the http://K1000/admin web gui? If not how can you access the appliance's unix subsystem to edit the Samba service to enable SMB signing?
As a workaround I've been remotely connecting to each computer's registry, changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\"RequireSecuritySignature" from "1" to "0", provisioning the KACE agent to that computer, then remotely connecting back to the registry to change that value back to "1".
Is there any way to enable SMB signing through the http://K1000/admin web gui? If not how can you access the appliance's unix subsystem to edit the Samba service to enable SMB signing?
2 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
As far as I know, LAN Manager Authentication Level 5 and SMB Singing are not supported - Channeler 6 years ago
Then you don't need to work through this stuff. The Express has a wizard creating the GPO together. - Nico_K 6 years ago