SMB: Denial of service detection should be enabled

Updated: November 17, 2010

Applies To: Windows Server 2008 R2

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the File Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008 R2

Product/Feature: File Services

Severity: Warning

Category: Security

Issue

Denial of service detection for the Server service is disabled.

Impact

The server will not be able to detect patterns of Server Message Block (SMB)-based communications that indicate that a malicious user is attempting a denial of service attack.

Resolution

If appropriate for your environment, use Registry Editor to enable denial of service detection.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enable denial of service detection

  1. Click Start, click Run, type regedit, and click OK.

  2. Locate and then click to select the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters.

  3. If the DisableDos parameter does not exist, proceed to the next step.

  4. On the Edit menu, point to New, and then click DWORD Value.

  5. Type DisableDos, and then press ENTER.

  6. Right-click DisableDos and click Modify.

  7. In the Value data box type 00000000 and click OK.
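
The same check and change can be scripted for servers where Registry Editor is impractical. The following PowerShell is an added example, not part of the original topic; the function name Enable-SmbDosDetection and its -AuditOnly switch are hypothetical, while the registry subkey, value name, and value data are the ones given in the procedure above.

```powershell
# Added example: the name Enable-SmbDosDetection and the -AuditOnly switch are
# hypothetical; the registry path and value name come from the procedure above.
function Enable-SmbDosDetection {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$AuditOnly)

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'DisableDos'

    # Read the current value; $null means the DisableDos value does not exist.
    $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $before = $null
    if ($null -ne $prop) { $before = $prop.$name }

    $changed = $false
    if (-not $AuditOnly -and ($null -eq $before -or $before -ne 0)) {
        # Writing under HKLM requires membership in the local Administrators group.
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
        if (-not $principal.IsInRole($adminRole)) {
            throw 'Run this from an elevated session (local Administrators group).'
        }
        if ($PSCmdlet.ShouldProcess("$path\$name", 'Set DWORD value to 0')) {
            # -Force creates the value if missing and overwrites it otherwise.
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value 0 -Force | Out-Null
            $changed = $true
        }
    }

    # Re-read so the report reflects what is actually in the registry now.
    $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $after = $null
    if ($null -ne $prop) { $after = $prop.$name }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = $after
        Changed  = $changed
    }
}

# Report the current state first, then apply the setting.
Enable-SmbDosDetection -AuditOnly
Enable-SmbDosDetection
```

Run with -WhatIf to preview the write without making it; an empty Before field in the output means the DisableDos value was not present.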