Skip to main content

Just for whatever it is worth, I was told yesterday that the SMB scanning feature will NOT work with Win2003 server as the backbone. This is a fix that Ricoh is supposed to be working on. I don't know why this is, however, my guess is that it has something to do with authentication and security. Anyone else run in to this??

Graham
Original Post

Replies sorted oldest to newest

To enable SMB scanning on a Windows 2003 Server requires disabling a couple of registry settings:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Value Name: EnableSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Value Name: RequireSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)


I just did this and it works...

You also may have to edit the Default Domain Controller Group Policy:

Windows Server 2003 - default domain controllers Group Policy
Workstation/Client
Microsoft network client: Digitally sign communications (always) Policy Setting: not defined
Microsoft network client: Digitally sign communications (if server agrees) Policy Setting: not defined Effective Setting: enabled (because of local policy)

Server
Microsoft network server: Digitally sign communications (always) Policy Setting: enabled
Microsoft network server: Digitally sign communications (if client agrees) Policy Setting: enabled
This was my I.T. guy's response after I forwarded the "SMB Scanning and Win2003" post.


Just so you know. I have known of a work around for some time. Just didn't want to advertise it. You don't want people editing their registries. MAJOR ISSUES! The better way is to disable SMB Signing through the Group Policy. Editing the registry is a last resort.
Not only are we having the SMB problem with the "Digital signing through SMB for windows 2003 server. So has IBM! Here is their work around.
The AS/400 sends data like our Ricoh boxes do. They use SMB. Well when Microsoft 2003 server came out. The AS/400 would stop syncing data between the two. Well, Microsoft 2003 Server has SMB Digital signing defaulted to be turned ON from the install. And all other Microsoft Server Operating Systems (Such as Windows 2000 server) are defaulted to OFF! That right, we could not scan on window 2000 server, if an end user turned this feature to ON! The reason we haven't seen it because no one has turned it on. So, IBM solution was to turn it off in Windows 2003 Server. NOW the AS/400 works great with windows 2003 server. Thus the Ricoh boxes as well will be able to scan to folder via SMB. The reason Microsoft turned this feature ON was, that they has received so much scrutiny over the security of there products, they are making sure that this version is on LOCKDOWN out from the box. And they want everything to use ACTIVE DIRECTORY. SMB Doesn't need active directory. Turning this off will also speed up the windows 2003 server as well. That way it doesn't have to "digital sign" everything. The security shouldn't be affected drastically. I will attach this process in a PDF form.
It does work!
Enjoy!
P.S..... Ricoh states... "We DO NOT support SMB Scanning to Windows 2003 Server!"
Use at your own risk!
The editing of the registry is basically the "programmer way" to do the same. If you perform the Group Policy way, you are essentially performing the same task. Just the "Group Policy" way is a little safer than getting someone in the Windows Registry and having the possibility of a error that results a total OS failure. Its more a safety precaution. And may I add, its also Microsoft's recommended course of action.
BTW
I am Jim Parker's I.T. Guy!

Add Reply

Post
×
×
×
×
Link copied to your clipboard.
×
×