Re: LM or NTLMv1 or NTLMv2
From: Eric Chamberlain (eric_james_chamberlain_at_hotmail.com)
Date: 05/02/03
- Next message: John McCoy: "Re: Need advice for CA Model"
- Previous message: Peter Clark: "LOCK OUT!!!!!!!NEED HELP!!!!!!!"
- In reply to: youpski: "LM or NTLMv1 or NTLMv2"
- Next in thread: Eric Fitzgerald [MSFT]: "Re: LM or NTLMv1 or NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 May 2003 10:19:36 -0700
You can try the ScoupLM tool at www.securityfriday.com. It will show what
the inbound SMB traffic is using.
"youpski" <youpski@remove_hotmail.com> wrote in message
news:01b401c30fe6$8acfe140$3401280a@phx.gbl...
> Hi, is there a way of auditing whether clients use
> LM/NTLMv1 or NTLMv2 to logon to my W2K AD domain
> controller? We want to eliminate LM but need to know
> first if it is still used. When you look at the security
> Event ID's 540, I only see Authentication Package: 'NTLM'
> or 'Kerberos' logged. Does this event log an LM
> authentication as "Authentication Package: LM" or is
> there no difference in the logging for LM/NTLMv1 or
> NTLMv2. Does anybody know how I can check which version
> of LM or NTLM down-level clients or applications like
> samba use? I don't have the abbility to locally check
> thousands of clients or applications so this needs to be
> checked from the Domain Controller.
>
> Please do not reply with 'you should not allow LM or
> NTLMv1 at all', 'just disable the use of LM in the
> security policy' or other well-intentioned advice. I
> understand the risk of LM just fine.. that is why we
> would like to eliminate it.
>
> thnx Y
- Next message: John McCoy: "Re: Need advice for CA Model"
- Previous message: Peter Clark: "LOCK OUT!!!!!!!NEED HELP!!!!!!!"
- In reply to: youpski: "LM or NTLMv1 or NTLMv2"
- Next in thread: Eric Fitzgerald [MSFT]: "Re: LM or NTLMv1 or NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
