As long as your Win9x clients do not have the Active Directory Client
Extensions loaded, these clients will not be able to do NTLM v2
authentication. So, you need to disable LM/NTLM support using Group Policy,
local or nonlocal,
Computer Configuration\Windows Settings\Security settings\Security Options
LAN Manager Authentication Level = Send NTLM v2 response only\refuse
LM & NTLM
or by editing the registry for NT4SP4 or higher
HKLM\System\CurrentControlSet\Control\LSA
LMCompatibilityLevel:REG_DWORD = 5
Hope this helps.
Regards,
arden
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Narkinsky, Brian
> Sent: Wednesday, March 03, 2004 11:20 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Prevent Windows 9x from logging into AD
>
> IS there anyway to keep users from authenticating from a
> standard Windows 9x machine?
>
> I am trying to kill the last few of these guys on our network
> and I thought there was some sort of NTLM registry setting I
> could set such that on NT clients could autenticate.
>
> Brian
>
> Brian Narkinsky
>
> System Manager
>
> Department of Environmental Protection
>
> MS 6520
>
> 2600 Blairstone RD
>
> Tallahassee, FL 32399
>
> phone (850)245-8314
>
> fax (850)412-0400
>
>
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
