OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brad Judy (judyCOLORADO.EDU)
Date: Thu Jan 11 2001 - 16:19:19 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    The Directory Services client for Win98 included with Win2k adds NTLMv2
    support to Win98. This support will stay in place even if the client is
    uninstalled.

    An important note on disabling LM is that Macintosh UAM authentication
    relies on LM for authentication. As I posted previously to this list,
    higher education institutes are attempting to pressure Microsoft into adding
    kerberos or NTLMv2 support into their Mac UAM client.

    Brad Judy
    Information Technology Services
    University of Colorado at Boulder

    > -----Original Message-----
    > From: Focus on Microsoft Mailing List
    > [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Forrester, Mike
    > Sent: Thursday, January 11, 2001 2:58 PM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: Re: Windows NT/2000 - Disabling LAN Man Password Hash
    >
    >
    > I haven't 'tried and tested' this, but it may be worth checking into and
    > others on this list my have some more info, but I was under the impression
    > that their was a client on the Windows 2000 CD (not sure which versions)
    > that has an updated client for Win 98 (9x?) boxes.
    >
    > HTH,
    > Mike
    >
    > -----Original Message-----
    > From: Mike Ahern [mailto:mc_ahernYAHOO.COM]
    > Sent: Wednesday, January 10, 2001 2:59 PM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: [FOCUS-MS] Windows NT/2000 - Disabling LAN Man Password Hash
    >
    >
    > Has anyone real world experience disabling the LAN
    > Manager password hash on PDC/BDC's and 2000/NT Servers
    > in a large distributed multi-domain network???
    >
    > I understand that one issue is that WIN 9X machines
    > can no longer authenticate to the network. Is this so?
    >
    > Are there other issues such as replication, or other
    > important services that might be impacted?
    >
    > Is it possible to move the WIN 9X users to another NT
    > domain that has the LAN MAN Hash, and simply extend
    > trusts to that domain to provide connectivity to those
    > systems? Can the 9X machines be made to work in the
    > NT/2000 world sans the LAN Man password hash?
    >
    > I am looking for tried and tested, real-world
    > solutions to providing WIN 9X connectivity to domains
    > without the LAN MAN hash, and info on what kind of
    > ugly monsters may live inside this Pandora's box.
    >
    >
    > many thanks!
    >
    >
    >
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Yahoo! Photos - Share your holiday photos online!
    > http://photos.yahoo.com/
    >