Configure the Lan Manager Compatibility level (WinNT4 SP6+):
Configure the NT LanManager (NTLM) Security Support Provider (SSP) (WinNT4 SP4+):[HKEY_LOCAL_MACHINE \System \CurrentControlSet \control \LSA]
LMCompatibilityLevel = 3 (Default 0)
List of possible Lan Manager Compatibility levels
The LanManager can be configured not to require Challenge/Response(CHAP), but also allow Password Authentication Protocol(PAP) (WinNT4 SP3+):[HKEY_LOCAL_MACHINE \System \CurrentControlSet \control \LSA \MSV1_0]
NtlmMinClientSec = 0x20080030 (Default 0)
NtlmMinServerSec = 0x20080030 (Default 0)
List of possible Security Support Provider levels
The LanManager can be configured not to require Challenge/Response(CHAP), but also allow Password Authentication Protocol(PAP) (Win2k+):[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Rdr \Parameters]
EnablePlainTextPassword = 1 (Default = 0 and the most secure)
More Info MS KB166730
More Info MS KB256322
Related Description of password encryption level over network[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkStation \Parameters]
EnablePlainTextPassword = 1 (Default = 0 and the most secure)
More Info MS KB224287
More Info MS KB236414
More Info MS KB318266
Leave a Reply