Cause: “SMB 1.0 is deprecated. Once this is removed, systems running Windows XP or Windows Server 2003 (or older) operating systems will not be able to access file shares. SMB 1.0 has been replaced by SMB 2.0 and newer versions.” (Source: https://learn.microsoft.com/en-us/
Solution:
Step 1
———————————–
2012 Server: enable SMB1 compatibilty
Regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService => Change value: SamSS Srv2 => To: SamSS Srv
Restart server
2008 Server: enable SMB1
Regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Create REG_DWORD named “Smb1” with value of 1
———————————–
Step 2
———————————–
MMC >> Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options >> Network Security: LAN Manager authentication level >> Local Security Settings tab, set drop down menu option to “Send LM & NTLM – use NTLMv2 session security if negociated” >> OK >> Reboot server
———————————–
Step 3: Set domain policy to force Windows XP machines to authenticate in NTLMv2
———————————–
For security reasons, we should set domain polity to force XP/2003 machines to authenticate using LTLMv2. This would involve creating a container with all XP/2003 machines and attach a Domain Security Policy to that container.
Right click OU and attach policy >> Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options >> Network Security: LAN Manager authentication level >> Local Security Settings tab, set drop down menu option to “Send NTLMv2 only\refuse LM NTLM” >> OK
———————————–
Categories:
