NTLMv2

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: WallaceTech PostPosted: Tue May 31, 2011 6:23 pm    Post subject: NTLMv2
    ----
Guys,

Just looking for a final sanity check.

I have a single domain , single forest running a mix of Windows 2003 R2 & Server 2008 R2 domain controllers. The domain is running at Server 2003 native mode right now.

We also have a mix of member servers mostly 2003 and 2008 but the odd windows 2000 box kicking around. We currently run Windows XP SP3 across our desktop fleet.

We have in our Default Domain Policy

Network Security: LAN Manager authentication Level = Send LN & NTLM responses

We have in our Domain Controllers Policy

Network Security: LAN Manager authentication Level = Send NTLM response only

Now what I am wanting to do is change this on both Default Domain policy and Domain Controllers Policy to Send NTLMv2 response only. Refuse LN & NTLM

Now I have performed all this in my test domain and all on the face of it seems fine and dandy. However when I come to do this across out live environment with 700 odd workstations and 450+ servers do I change the Default Domain Policy first or should I make the change to the Domain Controllers Policy???

Thanks in advance

Author: Fire AntLocation: London PostPosted: Tue May 31, 2011 7:52 pm    Post subject:
    ----
First of all the Default Domain Controllers policy applies only to Domain Controllers and has no effect on member servers or clients.

NTLMv2 is supported in Windows 95 but may need to be enable it see http://support.microsoft.com/kb/239869

The following article will explain the policy item better than I can http://kb.iu.edu/data/atvn.html

Good Luck,

Fire Ant



Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group