From: Rocky Stefano
Date: 10/02/01

From: "Rocky Stefano" <>
To: "Focus on MicroSoft" <>
Subject: RE: NTLM
Date: Tue, 2 Oct 2001 10:54:17 -0400
Message-ID: <>

NTLMv2 is what you should use in a mixed W2K/NT4 domain. If all your clients
are W2K, you should use Kerberos authentication, which is native in W2K. One
caveat to this is RAS. Even if you are running a native W2K forest/domain
and are using Kerberos, anyone using RAS to dial in still has to use NTLM to
authenticate. PSS has said it will stay like this for A WHILE.

-----Original Message-----
From: Kevin and Laura Brown []
Sent: October 1, 2001 10:05 PM
To: Focus on MicroSoft
Subject: NTLM

What are the security implications of using NTLM? Is NTLM encrypted? What
are the alternatives in a Win2K environment (meaning native to the OS. I'm
not interested in solutions like smart cards for my current needs)? What
are the pros and cons of using NTLM vs other Win2K authentication schemes?

Basically, I'm trying to determine if NTLM is the best course of action for
securing remote user authentication in a Win2K LAN for services such as
telnet. Also, which services can use NTLM? I know this is a lot of
questions, and I plan on reading the TechNet site for a better understanding
of how it works, but I wanted to get some professional opinions on its

Thanks in advance,