Re: NTLM on Native Domain

• Previous message: Paul Todd: "Re: IAS"
• In reply to: Peter K.: "NTLM on Native Domain"
• Next in thread: Peter K.: "Re: NTLM on Native Domain"
• Reply: Peter K.: "Re: NTLM on Native Domain"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Mon, 31 Mar 2003 19:46:50 +1000

Peter, NTLM is still enabled in native AD mode - and you can't disable it.
Restrict NTLM use to NTLMv2, use firewalls and IPsec to further restrict
unauthorised access to your network.

-- 
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Peter K." <pmkdatabase@yahoo.ca> wrote in message
news:9lqf8v0r1fe70iu83ljti5gvdmhctume04@4ax.com...
> Hi,
>
> I have a native W2K domain. My event log shows many attempted logons
> every day as follows below. These are not from my users.
>
> My understanding of this quote from the help system is that NTLM is
> now disabled on my DCs.
>
> "If you do not have a mixed-mode network, you can disable NTLM
> authentication by switching to native mode at a domain controller"
>
> Is this correct and therefore all NTLM authenticated logons  are
> doomed to failure no matter what  the credentials?
>
> Thanks very much - it is tough to find the answers to these questions
> anywhere else but here...
>
> Peter
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 3/30/2003
> Time: 9:20:48 PM
> User: NT AUTHORITY\SYSTEM
> Computer: xxxx-01
> Description:
> Logon Failure:
>   Reason: Unknown user name or bad password
>   User Name: Administrator
>   Domain: ITREX-98HIVYD31
>   Logon Type: 3
>   Logon Process: NtLmSsp
>   Authentication Package: NTLM
>   Workstation Name: ITREX-98HIVYD31

• Previous message: Paul Todd: "Re: IAS"
• In reply to: Peter K.: "NTLM on Native Domain"
• Next in thread: Peter K.: "Re: NTLM on Native Domain"
• Reply: Peter K.: "Re: NTLM on Native Domain"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Windows 2000 IIS Logon issue ... Integrated authentication doesn't work with the default logon domain ... \ prefix, it means you should have a local account with the ... is the local account on this box. ... a general reason for an account NTLM auth works but Basic not ... (microsoft.public.inetserver.iis.security) Re: Event log shows NTLM not Kerberos ... Successful Network Logon: ... Authentication Package: NTLM ... Authentication Package NTLM not Kerberos? ... (microsoft.public.security) Re: Security Audit Log ... Logon Type 3 is network. ... NTLMSSP = NTLM authentication ... Auth Package NTLM is kind of redundant, it's the only auth package that the ... (microsoft.public.windowsxp.security_admin) Re: Lots of 529 events ... > Logon Failure: ... Unknown user name or bad password ... > Authentication Package: NTLM ... (microsoft.public.exchange2000.win2000) Re: NTLM on Native Domain ... I'm not sure what part of documentation states that you can disable NTLM - ... Maybe the doco means that in native mode trusts between domains ... >>Peter, NTLM is still enabled in native AD mode - and you can't disable ... >>unauthorised access to your network. ... (microsoft.public.win2000.security)