Re: NTLM

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 03/21/03

• Next message: John: "Re: Why is MS03-008 not on the SUS server after Sync"
• Previous message: Vlod: "NetBEUI and TCP/IP Sharing"
• In reply to: Ondřej Ševeček: "Re: NTLM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Fri, 21 Mar 2003 23:18:34 +1100

Surely. We had problems disabling NTLMv1 i.e. cluster services not working
etc.

-- 
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Ondřej Ševeček" <ondra@sevecek.com> wrote in message
news:#f4E00y7CHA.824@TK2MSFTNGP11.phx.gbl...
> Test the settings working. I have recently some problems with those. NTLM
is
> not as non-neccessary as it seems. Sometimes you need troubleshoot even
> small problems without domian accounts and NTLM will come in userful.
> Ondra.
>
>
> "S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
> news:OYpl6Jt7CHA.3208@TK2MSFTNGP11.phx.gbl...
> > Kerberos-only will be sufficient but you cannot disable NTLM cmpletely,
> but
> > restrict versions - see http://support.microsoft.com/?kbid=147706
> >
> > --
> > Svyatoslav Pidgorny, MS MVP, MCSE
> > -= F1 is the key =-
> >
> > "Peter K." <pmkdatabase@yahoo.ca> wrote in message
> > news:ebti7v01s87uulg2kpjtkqdvjrst8k54o3@4ax.com...
> > > Hi,
> > >
> > > Further to my post on being hacked, the attempts are by NTLM.
> > >
> > > Do I need NTLM? I run a small, native W2K domain. All my workstations
> > > are W2K. We run SQL Server, Exchange Server, and a couple of people
> > > use offline Exchange folders, and call in to RRAS Remote Access by
> > > modem to synchronize. They  use W2K or XP pro. I run IIS internally.
> > > Does any of this access require NTLM?
> > >
> > > I do have 2- W98 workstations but they primarily run a DOS app and it
> > > would not be a major problem if they did not even authenticate to the
> > > domain but were in a separate workgroup.
> > >
> > > If I don't need NTLM, how do I disable it?
> > >
> > > Thanks a lot!
> > >
> > > Peter
> > >
> >
> >
>
>

---

• Next message: John: "Re: Why is MS03-008 not on the SUS server after Sync"
• Previous message: Vlod: "NetBEUI and TCP/IP Sharing"
• In reply to: Ondřej Ševeček: "Re: NTLM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Problem with VPN and LMcompatibility level ... far as I know there is no workaround. ... Disabling lm authentication is much ... more important than disabling ntlm. ... (microsoft.public.windows.server.networking) Re: Disabling LM Hash creation ... Programs like LC will still crack the NTLM passwords if you disable the LM ... hash using the LM password, it can then crack the 'real' password i.e. ... > cracked the password in fifteen minutes or less, after disabling lm and ... (microsoft.public.win2000.security) Re: NTLM ... Test the settings working. ... Sometimes you need troubleshoot even ... small problems without domian accounts and NTLM will come in userful. ... and call in to RRAS Remote Access by ... (microsoft.public.win2000.security) Re: Disabling LM Hash creation ... I actually tested using the same password for both lm and ntlm. ... resetting the password to the same password I gave up trying after it was ... still trying brute force crack overnite. ... >> I use Cain and Abel and my experience is that after disabling lm hash and ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)