Skip to main content
Hitachi Vantara Knowledge

Configuring SMB security

The server integrates seamlessly into the existing domain and simplifies access control by performing all authentications against the existing domain user accounts.

NoteOnly accounts that have been created in the domain or in a trusted domain can access the server.

When a user attempts to access a share, the server verifies appropriate permissions; once access is granted at this level, standard file and directory access permissions apply.

The server operates on a specific domain and can, optionally, join an Active Directory. It interacts with a domain controller (DC) in its domain to validate user credentials. The server supports Kerberos-based authentication to an Active Directory, as well as NTLM authentication (using pre-Windows 2000 protocols). In addition to users belonging to its domain, the server allows connections from members of trusted domains.

The server automatically grants administrator privileges to domain administrators who have been authenticated by the DC. In addition, local administration privileges can be assigned, including backup operator privileges to selected groups (or users).

NoteSMB can assign rights to machine (computer) accounts. A machine account is generated automatically by the operating system and registered in Active Directory. It can be used for authentication within a domain. A machine account authentication can be only done by an application which has built-in support. For example, Hyper-V server allows storing virtual machines on remote shares. Such shares should allow full access for the machine account of a computer running Hyper-V server.


  • Was this article helpful?