Re: NT4 password limited to 14 characters ?

The practical matter is, you don't.

And I gotta say this--that NT 4 domain should be upgraded to Windows Server 2003 as soon as possible. NT 4 support ended a very long time ago.

Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley


<jwgoerlich@xxxxxxxxx> wrote in message news:1185190916.601875.117430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Fair enough. That still begs the question: how does Pascal, the OP,
enable passwords of more than 14 characters on a Windows NT4 domain?

J Wolfgang Goerlich

On Jul 21, 11:10 pm, "Steve Riley [MSFT]" <steve.ri...@xxxxxxxxxxxxx>
wrote:
There are two hashes:
* LM
* NT

There are four authentication methods:
* LM
* NTLM
* NTLMv2
* Kerberos

Here's how they relate:
* LM authentication uses the LM hash
* NTLM, NTLMv2, and Kerberos all use the NT hash

(It's incorrect to say "NTLM" or "NTLMv2" hash.)

LM hashes (and it's really a stretch to call them "hashes") are generated
only if both of these are true:
* You haven't disabled LM hash generation
* Your password length is 14 characters or less

In NT 4.0, the User Manager wouldn't permit you to enter a password longer
than 14 characters. Windows 2000 and higher permit entering a password up to
127 characters; the actual maximum length is 255 characters.

If, however, you meet a certain, ah, esoteric set of requirements, your
minimum length must be at least 18,770 characters. :) Actually, that's a UI
bug described inhttp://support.microsoft.com/kb/q276304/. Still, it's
funny.

Steve Riley
steve.ri...@xxxxxxxxxxxxxxxxx://blogs.technet.com/steriley


.

Relevant Pages

  • Re: NT4 password limited to 14 characters ?
    ... Then I have changed my password through usrmgr to a classic password just for testing that the LM hash is not yet used. ... Actually it is not possible for this company to upgrade the NT4 domain to AD 2003. ... The "big" problem of this situation is that we have to communicate to users that they have to set up a password with a minimal password length of 9 characters AND a maximum password length of 14 :-( ... I have already read that it is a GUI limitation of usrmgr but I have also tried to set up the password through the net user command and through a windows 2000 SP4 member of the NT4 domain but with no success. ...
    (microsoft.public.windows.server.security)
  • Re: NT4 password limited to 14 characters ?
    ... It is not possible to disable the LM Hash on an NT4 computer. ... Now, if I am right with what I said above, why is it possible to define an LMCompatibilityLevel to 5 if the NT4 does not support it? ... Even if I think I will finally bypass the problem by limiting the password synchronization through MIIS only for specific users (that will limit only those users with a 14 characters password length), I really would like to understand how does it work on NT4:) ... I have already read that it is a GUI limitation of usrmgr but I have also tried to set up the password through the net user command and through a windows 2000 SP4 member of the NT4 domain but with no success. ...
    (microsoft.public.windows.server.security)
  • [Full-disclosure] Re: What A Click! [Internet Explorer]
    ... > tell your windows to open .HTA files in notepad. ... > (since there are more ways to cover windows with malicious lookalikes). ... >> Using custom Microsoft Agent characters it is possible to cover any kind ... including security or download dialogs. ...
    (Full-Disclosure)
  • Re: Tk 8.4.11 / Windows XP / Encoding problem
    ... Some of our clients are experiencing a weird problem on their Windows XP PCs. ... suddenly they start showing other characters instead of the correct utf-8 ... Tcl usually does proper detection of the system encoding. ...
    (comp.lang.tcl)
  • Re: File Attributes a real stumper
    ... Windows is based on that ANSI character set, or it may contain reserved windows names, such as 'com', 'lpt', or others. ... I've seen these type of files created using FTP, which supports ASCII, and an FTP server supports ASCII, and Windows will create it from FTP, but when you try to view it, or delete it, you'll have problems. ... A little background on undeletable files and folders: ... They would upload their illegal software to the FTP servers they find, but they would name the files and the folder they create with extended characters and symbols that FTP supports but Windows does not directly support, as well as create a very deep file structure with these extended unsupported ASCII characters, and/or file names with these characters that are greater than 256 characters. ...
    (microsoft.public.windows.server.general)