How can we improve the SMA (K1000)?

Allow access to agent share after SMB Signature Required is enabled in AD

Once SMB Signature Required is enabled in Active Directory then the agent share is unable to be access. It would nice to be able to download the new agent without having to block smb signature and then have to enable smb signature again.

37 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Jeremy shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

12 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    This issue has been outstanding for almost 3 years? Ridiculous. Obviously it has fallen off of the radar at Kace. Is there a way to escalate the issue so that it can be addressed?

  • Rich LeBlanc commented  ·   ·  Flag as inappropriate

    PCI Failure folks - let's go, get it fixed. One way to fix it would be to allow it to add to an AD domain, and we could remove "Everyone" from the share of client installers and replace with "Domain\Domain Users"

  • Frosty commented  ·   ·  Flag as inappropriate

    I'm another who needs SMB Packet Signing to be supported. Like the rest here, being a PCI DSS Compliant environment, it is disappointing that the KACE appliances' functionality is impaired in this way (the file shares are inaccessible).

  • Anonymous commented  ·   ·  Flag as inappropriate

    Also allow a different port to eliminate NETBIOS. It requires very few line changes in the samba configuration. I've done it on all my Linux boxes.

  • Tom Tucker commented  ·   ·  Flag as inappropriate

    We also have findings about this on our windows servers. Since we patch and update the agents through KACE we cannot turn it on unless we want to manually install 3000 agents everytime there is an update.

  • Craig Willis commented  ·   ·  Flag as inappropriate

    We need this addressed as well. SMB signing was the only finding of significance in our latest pen test. Ironic that the server that we use to push out security updates is the least secure server in our enterprise.

  • Orlando Gonzales commented  ·   ·  Flag as inappropriate

    SMB signing was an Audit finding that was discovered in our environment when will SMB Signing be configured on KACE 1100 and 2100?

  • Pete Langlois commented  ·   ·  Flag as inappropriate

    This is a critical component for us. SMB Signing is now mandated by various governing bodies. Adding the option to change to smb.conf file to allow digital signing would be greatly appreciated.

Feedback and Knowledge Base