Forum Replies Created
- AuthorPosts
Brian Johnson
MemberNeil Robinson wrote:
> Brian L Johnson wrote:
>> Well, well…
>>
>> Microsoft have just issued a security warning about the SMB2
>> protocol.
>>
>> http://www.microsoft.com/technet/security/advisory/975497.mspx
>>
>> This is the protocol that Vista uses by default.
>>
>> The one where you can't turn off OpLocks.
>>
>> The one where you have to actually turn off SMB2 so that Vista will
>> revert to SMB1 which is one where you CAN turn off OpLocks.
>
> Hi Brian,
>
> Thanks for this. So if the file server is running Vista, you have to
> turn off SMB2 in order to run SMB1? Interesting. And since SMB2 is on by
> default and doesn't support turning off oplocks, this was no doubt the
> culprit behind your recent problems with network locking.Indeed. No matter how careful you are at turning off all the Lanman stuff,
none of it makes any difference under Vista because it doesn't apply. It
only applies *after* you've turned SMB2 off.In a way, Microsoft's security problem with is a blessing: now a lot more
people are aware that they should turn SMB2 off.Caution: when the 'fix' is released, watch out for SMB2 being turned back
on again.> Another stupid move by Microsoft, just like the oplocks thing itself.
> Instead of turning off dangerous settings by default, they prefer to
> turn them on. The average SME won't have any on staff network admin and
> would be more likely to be using a light-weight home-brew solution based
> on a desktop database where this sort of functionality is required.
> Microsoft should leave these sorts of settings off and teach their MSCE
> types how to them on and *why* and *when* to turn them on, instead of
> putting everybody else's data at risk just so they can squeeze a little
> better performance out.Exactly.
—
-brianlj-- AuthorPosts