Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature Hi, we recently migrated a lot number of users from Windows XP to Windows 7. Our Windows 7 image is basically 7 Pro with apps and generic Sysprep /oobe etc. MDT then does the rest deploying all updates approved on our WSUS server. Unfortunately because of the number of updates (from SP1) I have no idea which update has changed this value. The problem it causes us is that our file servers are NetApp filers, users network drives and profile folders are all on there = no network drives, when you try and access a share via UNC path the following error occurs "this account is not authorized to log on from this workstation". We worked around this by changing the 'requiresecuritysignature' value to 0 by Group Policy. Does anyone know the KB number which has changed this registry value so we can block it at WSUS level? thanks Andy

Hi Andy, I did a quick research but didn't find such KB so far. In my windows 7 machine, although all security updates were applied, the value of 'requiresecuritysignature' is still 0. I am wondering if other applications or driver installation changed the registry value. In current situation, I'd suggest you just use startup/shutdown script or other GPO to change the setting. Regards, April

Hi April, Thanks for your reply. These builds are just generic WDS Operating System installs with MDT customsettings which sets regional settings and applies all approved Windows Updates. I have tested it with a Core server this afternoon and get the same problem there! I have already created a GPO that sets it back to 0 which is our workaround - but may have to be part of the default gpo as things stand. thanks Andy

Hi Andy, I think there are two options currently. 1. Identify the root cause and try to avoid it. 2. Find an acceptable workaround directly. --- For the option #1, it will be time-cosuming because you need to do a lot of tests to isolate the culprit firstly. --- For optionn #2, I understand you don't want to create a seperate GPO just for the registry key. You may add a command line to MDT task sequence in order to set the registry at the first logon. If it doesn't work yet, I'd suggest you just take the current workaround of the GPO. Please let me know if you have any further conerns. Regards, April

I have been working around this by setting a task to change this registry key, and also setting it again at default domain policy. It doesnt appear to be a Windows Update that changes this afterall, it appears to be something in state restore section of MDT task sequences on Server 2008 and any version of Windows 7. My organisation is actually putting the netapp filers in the background so to speak, this will mean we wont have the issue in future.

Hi Andrew, I'm running into the same issue as you. Can you give me your tutorial to resolve this problem?

I found the best option was to place the reg key of the correct value (0) in the image (eg C:\netapp.reg) , then execute it from the SetupComplete command - ensure you run it silently for slickness. What I done originally was to put the reg key change into group policy, but being impatient I went for the option above