Help Desk Wiki

Help Desk Wiki » FAQs » ChangingComputersAndServersToRefuseLMAndNTLMConnections

Changing Computers And Servers To Refuse LM And NTLM Connections

To be compliance with In Common Silver AD DS, LM and NTLM not allowed.

Fix: Set “Network security: LAN Manager authentication level” in the computers local security policy to “Send NTL Mv 2 response only. Refuse LM & NTLM” by utilizing one of the three methods below:

Method 1:

Edit the Local Security Policy 1. Click Start --> Control Panel --> Performance and Maintenance --> Administrative Tools --> Local Security Policy 2. In the Local Security Settings Window Security Settings --> Local Policies --> Security Options 3. Find the Policy "Network Security: Lan Manager Authentication Level" and set it to "Send NTL Mv 2 response only\refuse LM & NTLM" 4. Restart the computer

Method 2:

Edit the registry from a command prompt (recommended for advanced users) 1. Click Start --> Run --> cmd 2. In the Command Prompt Window Type REG ADD "HKLM\System\Current Control Set\Control\Lsa" /v "LM Compatibility Level" /t REG_DWORD /d "5" /f 3. Restart the computer

Method 3:

Edit the Registry Directly (recommended for advanced users) 1. Click Start --> Run --> regedit 2. My Computer --> HKEY_LOCAL_MACHINE --> System --> Current Control Set --> Control --> Lsa 3. Find the Name "lmcompatibilitylevel" and enter "Value Data" of 5 4. Restart the computer

Here is an example of using Wireshark and editing registry to fix this issue: http://richardkok.wordpress.com/2011/02/03/wireshark-determining-a-smb-and-ntlm-version-in-a-windows-environment/


Employee LoginViewPrintTalk

Home

Contact Us

Web: UF Computing Help Desk
Walk-in: HUB 132
Phone: (352) 392-HELP (4357)
Email: helpdesk@ufl.edu

Ask A Question

Submit a Question

Services

eLearning Support, Application Support Center

Self-Help

Help Desk Wiki, FAQ, Online Handouts, What's my UFID?

System Alerts

UF IT Dashboard Alerts (myUFL, Email, Network, etc)

Search