Network security:LAN manager authentication level setting on GPO

hi,

we have requirement project team change 1 of security setting on default domain policy computers in domain. below security setting need modify.

computer configuration-->windows settings-->security settings-->local policies-->security options-->

network security: lan manager authentication level 

this setting need changed - send lm & ntlm - use ntlmv2 session security if negotiated.

the project team facing issue apache web server , found solution on below link.(we have tested  by changing local group policy , solution works expected)

https://www.sysaid.com/sysforums/posts/list/9065.page 

we need know impact after enabling on domain computers.

need on go-head on this.

hi,

you have weaker domain security overall. "

lm hash generation 

the algorithm introduces several weaknesses attackers can exploit. first, lowercase characters set uppercase, reducing number of possible characters. second, splits long, strong, password 2 seven-character chunks.

[..]

both lm , ntlm protocols operate same way; difference password hash.

ref: the misunderstood windows security setting of time

---

post provided no warranties or guarantees, , confers no rights.
~~~
questo post non fornisce garanzie e non conferisce diritti

Windows Server  >  Group Policy