Home
Windows Registry Tweaks
Index Page
Hardware
Disk Drives
Mice and Keyboards
Modems and Communications
Printers and Plotters
Processor and Motherboard
Video and Graphics
Network
Clients
Internet and Remote Access
Protocols
TCP/IP
WINS
Servers
Security
Active Desktop
Control Panel
Display
Network
Passwords
Printers
System
Desktop and Explorer
Login and Authentication
Network
Privacy
Remote Access
Start Menu and Taskbar
Documents and Folders
System
Software
Internet Explorer
Appearance
Network and Connections
Search Features
Security
Media Player
Microsoft Office
Outlook
Netmeeting
Outlook Express
pcAnywhere
Windows CE
Windows Messenger
Tips and Tricks
Configuration Files
AUTOEXEC.BAT
BOOT.INI
CONFIG.SYS
MSDOS.SYS
SYSTEM.INI
Customization
Keyboard Shortcuts
Windows
Accessories
Command Processor
Dr Watson
Registry Editor
Task Scheduler
Windows Installer
Appearance and Display
Icons and Fonts
Menus And Windows
Desktop
Explorer
File System
Caching and Memory
Files and Shortcuts
Maintenance
Login and Authentication
Start Menu and Taskbar
Documents and Folders
Taskbar
Startup and Shutdown
System
Scripts
Services
Windows File Checker
Troubleshooting
Crash Control
Logging
Repair
Registry FAQ
Dreamage
Book List
Downloads
Support Forums
Newsletter
Download Updates
Subscribe
Registry Guide for Windows Registry Guide for Windows
Part of the Dreamage Network 		Dreamage Network and Software
Registry tweaks, tricks & hacks to optimize, enhance and secure Microsoft Windows.

Changing LAN Manager Authentication on Windows NT (Windows NT)
Category: Home > Security > Network

Download this tweak with Tweak Manager!This tweak can be easily applied using Dreamage Tweak Manager.
Download a free trial now!

Windows NT supports two kinds of challenge/response authentication: LanManager (LM) and Windows NT (NTLM). LM authentication is not as strong as Windows NT authentication so some customers may want to disable its use, because an attacker sniffing the network traffic could possibly attack the weaker protocol.

The implementation of the NTLM Security Service Provider (SSP) in Server Pack 4 has been enhanced to allow clients to control which variants of NTLM are used, and to allow servers to control which variants they will accept.

To change the type of authentication to be used modify the key below with the following values:

Level 0 - Send LM response and NTLM response; never use NTLMv2 session security
Level 1 - Use NTLMv2 session security if negotiated
Level 2 - Send NTLM response only
Level 3 - Send NTLMv2 response only
Level 4 - DC refuses LM responses
Level 5 - DC refuses LM and NTLM responses (accepts only NTLMv2)

Note: Currently only Windows NT 4.0 (SP4 and greater) support NTLMv2.

Registry Editor Example
|NameTypeData|
|(Default)REG_SZ(value not set)|
|LMCompatibilityLevelREG_DWORD0x00000001 (1)|
-
|HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa|
-

Settings:
System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Name: LMCompatibilityLevel
Type: REG_DWORD (DWORD Value)
Value: 0 (default) to 5 as defined above

Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. We cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.

Last Modified: May 14, 2002

 Return to Index Copyright © 1998-2003. All Rights Reserved.  License