• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

NTLMv2

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory

View previous topic :: View next topic  
Author Message
WallaceTech
Just Arrived
Just Arrived


Joined: 01 Oct 2008
Posts: 0


Offline

PostPosted: Tue May 31, 2011 6:23 pm    Post subject: NTLMv2 Reply with quote

Guys,

Just looking for a final sanity check.

I have a single domain , single forest running a mix of Windows 2003 R2 & Server 2008 R2 domain controllers. The domain is running at Server 2003 native mode right now.

We also have a mix of member servers mostly 2003 and 2008 but the odd windows 2000 box kicking around. We currently run Windows XP SP3 across our desktop fleet.

We have in our Default Domain Policy

Network Security: LAN Manager authentication Level = Send LN & NTLM responses

We have in our Domain Controllers Policy

Network Security: LAN Manager authentication Level = Send NTLM response only

Now what I am wanting to do is change this on both Default Domain policy and Domain Controllers Policy to Send NTLMv2 response only. Refuse LN & NTLM

Now I have performed all this in my test domain and all on the face of it seems fine and dandy. However when I come to do this across out live environment with 700 odd workstations and 450+ servers do I change the Default Domain Policy first or should I make the change to the Domain Controllers Policy???

Thanks in advance
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Tue May 31, 2011 7:52 pm    Post subject: Reply with quote

First of all the Default Domain Controllers policy applies only to Domain Controllers and has no effect on member servers or clients.

NTLMv2 is supported in Windows 95 but may need to be enable it see http://support.microsoft.com/kb/239869

The following article will explain the policy item better than I can http://kb.iu.edu/data/atvn.html

Good Luck,

Fire Ant
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register