Author: WallaceTech, Posted: Tue May 31, 2011 6:23 pm Post subject: NTLMv2 ---- Guys,
Just looking for a final sanity check.
I have a single domain , single forest running a mix of Windows 2003 R2 & Server 2008 R2 domain controllers. The domain is running at Server 2003 native mode right now.
We also have a mix of member servers mostly 2003 and 2008 but the odd windows 2000 box kicking around. We currently run Windows XP SP3 across our desktop fleet.
Network Security: LAN Manager authentication Level = Send NTLM response only
Now what I am wanting to do is change this on both Default Domain policy and Domain Controllers Policy to Send NTLMv2 response only. Refuse LN & NTLM
Now I have performed all this in my test domain and all on the face of it seems fine and dandy. However when I come to do this across out live environment with 700 odd workstations and 450+ servers do I change the Default Domain Policy first or should I make the change to the Domain Controllers Policy???
Thanks in advance
Author: Fire Ant, Location: LondonPosted: Tue May 31, 2011 7:52 pm Post subject: ---- First of all the Default Domain Controllers policy applies only to Domain Controllers and has no effect on member servers or clients.