Ed’s Tech Blog

We have a Ricoh Aficio 2232c fancy printer, scanner, copier at the office. I don’t actually know which version on SMB (SAMBA) that the printer runs. The network is Windows 2000 SP4.

Here’s how to keep the security high, while letting the SMB connect to the server. For the Active Directory user that is used by the SMB client to connect, these are some Group Policy Security settings that work without compromising the domain security.

Computer Configuration > Windows Settings > Security Settings > Security Options >

Policy Computer Setting

LAN Manager Authentication Level Send NTLMv2 response only\refuse LM
Secure channel: Digitally encrypt or sign secure channel data (always) Enabled
Secure channel: Digitally encrypt secure channel data (when possible) Enabled
Secure channel: Digitally sign secure channel data (when possible) Enabled
Secure channel: Require strong (Windows 2000 or later) session key Enabled
Send unencrypted password to connect to third-party SMB servers Enabled

This entry was posted on Thursday, November 10th, 2005 at 7:36 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.