Or just want to know how to shoot yourself in the foot?
SMB Message Signing is one of Microsoft's top support call generators, and for good reason. It mitigates valid security threats, but is very complicated to use and can have far-reaching implications on the stability and functionality of your network. To help people figure out how to use it properly, I made it the topic of the September Security Management column: http://www.microsoft.com/technet/community/columns/secmgmt/sm0905.mspx.
I titled the column "How To Shoot Yourself in the Foot With Security, part 1." I have no idea how many parts there will be, but as anyone who has been in the field for a while knows, there are many ways to shoot yourself in the foot with security! If you have a favorite story in particular or something you'd like me to discuss, let me know, or start a comment thread here.
We recently moved all of our files from an NT file server to a 2003 file server. Our Canon digital copiers would not talk to the new server during scanning. A senior Canon network tech sent over step-by-step instructions for modifying group policy to disable SMB signing on the servers, without one word of warning about possible negative security consequences. We ended up upgrading the software on the newest copier, and set up workarounds on the other to scan to workstations.
Not surprising, Tim. This is very common. It is unfortunate that if we want to use these third-party products, we have to turn off security protocols. Glad to hear you figured out a way to mitigate the risks.
So, 15 years ago, when SMB was designed, did you ever think you would use the phrase "we ended up upgrading the software on the copier?"