Hi, * W2K/WXP/W2K3/AD support NTLMv2 by default * NT4 supports NTLMv2 after SP3 or SP4 (not sure which one) * For W9x install the DSCLIENT (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adext ension.asp)
For more info see also: http://support.microsoft.com/?id=555038 http://support.microsoft.com/?id=239869 http://support.microsoft.com/?id=823659 (search for Network security: Lan Manager authentication level <-user right number 10) The latter KB article will give info on: * Background * Risky configurations * Reasons to Modify This Setting * Reasons to Disable This Setting * Symbolic Name * Registry Path * Examples of Compatibility Problems Hope this gives the info you're looking for Cheers, #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 5/11/2005 9:58 PM Subject: [ActiveDir] LAN Manager Authentication Level setting I'm having a difficult time determining whether, and to what, I should change the LAN Manager Authentication Level. Can someone either describe, or point me to some well-written essay, on the details of how to determine when it's appropriate to change the setting? What do you need to be aware of in your environment both from workstation and server persepctives? What computer relationships (workstation to server, dial-in client to server, VPN connections, etc) contribute to this determination? Is this setting something that's implemented in more than one place? Where? I'm just blocked about this and need a wedge (no, not sledge) to loosen my understanding of it. Thanks, Jim Becker Asst. Dir. of Administrative Systems State University of New York System Administration [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
