Re: RE: ADS Password Storage Protection
- From: e.m.baechle@xxxxxxxx
- Date: 27 Jul 2006 19:10:33 -0000
Rolando,
You can divide up the settings if you want, but the easiest method is to apply GPO's with these settings to both the DCs and the Workstations.
Establishing the settings for workstations is especially important in cases where they are laptops operated either in a local-authentication mode or disconnected from the domain.
In any case you'll want to disable the storage of LM Hash on both the workstations and the DCs and establish NTLMv2 as the communication protocol of choice on both sets of systems (otherwise you may not connect, or experience long authentication delays while the workstations and DCs negotiate the communication settings).
Sincerely,
Eric B.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- RE: RE: ADS Password Storage Protection
- From: Roger A. Grimes
- RE: RE: ADS Password Storage Protection
- Prev by Date: RE: rootkit behavior
- Next by Date: Re: How to stop Admins from sniffing ?
- Previous by thread: Re: Re: ADS Password Storage Protection
- Next by thread: RE: RE: ADS Password Storage Protection
- Index(es):
Relevant Pages
|
|
