Registry Changes not Persistent

[Shih]

We recently upgraded our NT4 DC's to Windows Server 2003 and in the course
of doing so needed to change the following keys to allow NTLM authentication
for some Dell Powervault NAS devices (that don't support SMB Signing). When
I change the values, users can browse and access the NAS devices. After
several hours users start complaining that they cannot access the NAS
devices and I find that the registry changes have reverted back to their
original values.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibilityLevel

HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature

HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\LanManServer\Parametes\RequireSecuritySignature

I make the changes logged on locally as an administrator and have rebooted
the server after making the change. Any idea what gives?

-Shih

 

[Mark V]

We recently upgraded our NT4 DC's to Windows Server 2003 and in
the course of doing so needed to change the following keys to
allow NTLM authentication for some Dell Powervault NAS devices
(that don't support SMB Signing). When I change the values,
users can browse and access the NAS devices. After several hours
users start complaining that they cannot access the NAS devices
and I find that the registry changes have reverted back to their
original values.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompati
bilityLevel

HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\LanManServe
r\Parameters\EnableSecuritySignature

HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\LanManServe
r\Parametes\RequireSecuritySignature

I make the changes logged on locally as an administrator and
have rebooted the server after making the change. Any idea what
gives?

And it is not an existing local security policy or GPO that's set
contrary to what you are doing manually?

 

[Randy Dalton]

In microsoft.public.win2000.registry Shih wrote:




And it is not an existing local security policy or GPO that's set
contrary to what you are doing manually?

I am not sure. How do I see what local policy maps to a registry entry?

 

[Mark V]

I am not sure. How do I see what local policy maps to a registry
entry?

I am sorry. I lost that this was NT4, which does not have (to my
knowledge) secpol.msc. It's been far too long since NT4 here.

But perhaps if you either turn on Auditing for those keys using
regedt32.exe (then Event Viewer Secutity entries) or use a registry
monitoing tool such as regmon.exe (sysinternals), you may detect
the account or process that is Writing to those keys.

 

[Guest]

-----Original Message-----


I am sorry. I lost that this was NT4, which does not have (to my
knowledge) secpol.msc. It's been far too long since NT4 here.

But perhaps if you either turn on Auditing for those keys using
regedt32.exe (then Event Viewer Secutity entries) or use a registry
monitoing tool such as regmon.exe (sysinternals), you may detect
the account or process that is Writing to those keys.

.