Disabling LM Authentication
Using strong passwords is useless if they are not encrypted properly. That’s why disabling LM authentication is important.
Requiring users to create complex passwords is of absolutely no use if those passwords can be easily extracted from a computer. By default, Windows 2000 and XP locally store the passwords hashes used during Lan Manager (LM) authentication. LM is an older technology and uses a very bad form of encryption that is easily cracked. In a network environment these passwords are transmitted to the primary domain controller for authentication purposes. This means that anybody with a network sniffer, LM cracking application, and a little bit of motivation can easily intercept and decode users passwords.
To disable transmission of LM hashes across the network on a single computer, complete these steps:
1. Open the registry editor and browse to HKLMSystemCurrentControlSetcontrolLSA
2. Find the key named “LMCompatibilityLevel”
3. Change this value to “5” to completely disable the use of LM authentication.
After doing this, you will still need to configure the computer to remove its local copy of the LM hash:
1. Create a new policy in the Group Policy Management Console, and browse to Computer Configuration > Windows Settings > Security Settings > Local Policies.
2. Select Security Options.
3. Double-click “Network Security: Do Not Store LAN Manager Hash Value On Next Password Change”.
4. Select Enabled, and click OK.
As a final thought, remember, that if you still have legacy clients connecting to your domain, you will still have to allow for LM authentication as it is the only form of authentication they will support.
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.