You aren't wrong. It is standard practice however to turn on this registry tweak if you are a competent sysadmin ;)
Needless to say I think that is a very big IF. That was my first post to the list in case anyone noticed. Hope to have some interesting discussions in the future. By the way, my work is in Microsoft technologies but my home is exclusively Gnu/Linux (except of course for the wife's pc). Andrew Baudouin Applications Programmer AWC, Incorporated [EMAIL PROTECTED] -----Original Message----- From: -ray [mailto:[EMAIL PROTECTED] Sent: Monday, November 08, 2004 4:29 PM To: [email protected] Subject: Re: [brlug-general] SECURITY: On-line database of all char based pass word hashes for Windows NT True, but in Win2k LM passwords are turned on by default for backwards compatibility with 98/NT4 clients. You have to explicitly turn off LM passwords if you know there are no 98/NT4 clients. Since i think it's a registry tweak to turn off LM, i'd imagine a lot of servers still have it turned on. At least on the Win2k box i looked at, i had an LM hash as well as an NTLMv2 hash. Of course i could be totally wrong. I don't claim to know anything about Windows. ray =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ray DeJean http://www.r-a-y.org Systems Engineer Southeastern Louisiana University IBM Certified Specialist AIX Administration, AIX Support =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= On Mon, 8 Nov 2004, Baudouin, Andrew wrote: > It is important for those looking at this to know that this is for LM (Lan > Manager) passwords (Windows 98, NT 4.0). This is NOT for NTLMv2 passwords > used in Windows 2000 and up domains. > > > Andrew Baudouin > > Applications Programmer > > AWC, Incorporated > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
