Hi,
We are looking to force SMB signing on all our servers and workstations to tighten security, but so far it does not work in my test setup.
We have a number of 2008 R2 machines plus a mixed Windows 7 and XP environment.
I have created a test 2k8 R2 server with the File Server role installed and a Windows 7 x64 machine as a test client.
Both machines are part of our live domain.
I have applied group policies and confirmed that they are correctly applied only to those two machines, to test the behaviour before roll-out to the company.
I prepared those GPs to test a failure in communication.
The following settings were applied to my test machines:
2k8 R2 with File Server role:
Microsoft network server:
- Digitally sign communications (always) ENABLED
- Digitally sign communications (if server agrees) DISABLED
- Digitally sign communications (always) ENABLED
- Digitally sign communications (if server agrees) DISABLED
and on the Windows 7 machine:
- Digitally sign communications (always) DISABLED
- Digitally sign communications (if server agrees) DISABLED
- Digitally sign communications (always) DISABLED
- Digitally sign communications (if server agrees) DISABLED
According to my knowledge this should result in the Windows 7 machine not being able to open a share on the target server, with the error "System error 1240 has occurred. The account is not authorized to log in from this station.", but the share is being opened without any problem.
Could anybody comment on why the W7 machine can open the share when it should have been blocked?
Thank you
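
Added example, not part of the original post: a small model of how the four policy values in the question decide whether a session is signed, refused or unsigned, evaluated for both SMB1 and SMB2. It assumes that Windows 7 and 2008 R2 negotiate SMB2 with each other while XP clients speak only SMB1, and that SMB2 ignores the "if agrees" values; the names `Signing`, `outcome`, `POST_SERVER` and `POST_CLIENT` are made up for this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signing:
    always: bool     # "Digitally sign communications (always)"
    if_agrees: bool  # "Digitally sign communications (if ... agrees)"


def outcome(client, server, dialect):
    """Return 'signed', 'unsigned' or 'refused' for one client/server pair."""
    if dialect == "SMB2":
        # Assumption: SMB2 ignores the "if agrees" values. Both ends can
        # always sign, so signing is used whenever either side requires it.
        return "signed" if (client.always or server.always) else "unsigned"
    if dialect != "SMB1":
        raise ValueError("dialect must be 'SMB1' or 'SMB2'")
    # SMB1: a side can sign only if one of its two values is enabled
    # (simplification: "always" is treated as implying the capability).
    client_can = client.always or client.if_agrees
    server_can = server.always or server.if_agrees
    if (server.always and not client_can) or (client.always and not server_can):
        return "refused"
    return "signed" if (client_can and server_can) else "unsigned"


# Settings as listed in the post (constructed from its policy list).
POST_SERVER = Signing(always=True, if_agrees=False)   # 2k8 R2 file server
POST_CLIENT = Signing(always=False, if_agrees=False)  # Windows 7 client

if __name__ == "__main__":
    for dialect in ("SMB1", "SMB2"):
        print(dialect, "->", outcome(POST_CLIENT, POST_SERVER, dialect))
```

Under these assumptions the test as configured can only show a refusal on an SMB1 connection; on SMB2 the same settings yield a signed session rather than a blocked one.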