/bundles/itninjaweb/img/Breadcrumb_cap_w.png
I recently set up the K1000 Express appliance in our environment and ran into an Agent deployment issue. Provisioning would fail with the error "NETWORK/CreateProcessAsUser" because the client could not access the K1000\client share. Clients couldn't access the share because our domain SMB client settings require all communications to be digitally signed.

As a workaround I've been remotely connecting to each computer's registry, changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\"RequireSecuritySignature" from "1" to "0", provisioning the KACE agent to that computer, then remotely connecting back to the registry to change that value back to "1".

Is there any way to enable SMB signing through the http://K1000/admin web gui? If not how can you access the appliance's unix subsystem to edit the Samba service to enable SMB signing?
2 Comments   [ - ] Hide Comments

Comments

  • Access to the UNIX FreeBSD is restricted to KACE support only, there are ways to retrieve the root access credentials but this is a violation of their License Agreement.

    As far as I know, LAN Manager Authentication Level 5 and SMB Singing are not supported
    • Do you happen to know if SMB signing is available on the full version of KACE? I'm using KACE Express to evaluate if we want to switch to KACE, but if SMB signing isn't possible & I cannot permanently change the RequireSecuritySignature setting on Windows workstations it looks like KACE isn't going to be a viable option.
  • how about deploying the agents using a GPO?
    Then you don't need to work through this stuff. The Express has a wizard creating the GPO together.
    • The k1000's group policy provisioning points you to https://support.quest.com/kb/133776 to download the GPO Provisioning Tool, but I can't download it because we haven't purchased KACE. I tried copying the agent install to a client & running it manually, but that agent never checked in with the console.
Please log in to comment

There are no answers at this time
Answer this question or Comment on this question for clarity

Answers