In windows server 2008, if we go to Network Security: LAN manager authentication level(gpedit.msc -> Computer Configuration -> WindowsSettings -> SecuritySettings LocalPolicies -> securityoptions ) and right click on it, we cannot change the value of the authentication level. It is greyed out.
To change this we need to go to following registry entry..
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel and set the value.
LmCompatibilityLevel should be
0 for Send LM & NTLM responses
1 for Send LM & NLTM - use NTLMv2 session security if negotiated
2 for Send NTLM response only
3 for Send NTLMv2 response only
4 for Send NTLMv2 response only\refuse LM
5 for Send NTLMv2 response only\refuse LM & NTLM
To change this we need to go to following registry entry..
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel and set the value.
LmCompatibilityLevel should be
0 for Send LM & NTLM responses
1 for Send LM & NLTM - use NTLMv2 session security if negotiated
2 for Send NTLM response only
3 for Send NTLMv2 response only
4 for Send NTLMv2 response only\refuse LM
5 for Send NTLMv2 response only\refuse LM & NTLM
No comments:
Post a Comment