OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alex Hippel (alexSPECTRALSYSTEMS.CO.UK)
Date: Tue May 08 2001 - 13:19:35 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Given that Windows 98 clients require the active directory client to use
    NTLMV2,
    what about a boot disk used for loading an HD image file from a server.

    I assume it's not possible to get the NTLMV2 security on a single floppy ?

    -----Original Message-----
    From: Focus on Microsoft Mailing List
    [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Brad Judy
    Sent: 04 May 2001 15:50
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: NT client authentication

    Natively Windows 9x only supports NTLMv1 authentication. You can add NTLMv2
    support to Win9x clients by installing the Active Directory Client
    Extensions
    http://www.microsoft.com/windows2000/news/bulletins/adextension.asp (the
    NTLMv2 support should stay in place even if you uninstall these extensions).

    This MS KB article discusses setting the authentication negotiation under
    NT4 as well as some of the interaction ramifications of using different
    settings. Remember, forcing NTLMv2 on the server side has several
    ramifications including pre-SP4 NT interop, Win9x interop (without the AD
    extensions), Mac interop (best authentication available on Mac UAM client is
    LM), and third party software (some third party software may attempt to use
    NTLMv1 or LM).

    Brad Judy
    Information Technology Services
    University of Colorado at Boulder

    > -----Original Message-----
    > From: Focus on Microsoft Mailing List
    > [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Cesare Fiorini
    > Sent: Thursday, May 03, 2001 1:45 AM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: NT client authentication
    >
    >
    > Hi,
    > my LAN have 1 NT 4.0 domain with 1 PDC and 2 BDC.
    > PDC is windows NT 4.0 sp3
    > both BDC are windows NT 4.0 sp5
    >
    > The security log of BDC named Sxx report this line:
    >
    > SEC,4/27/01,08:29:48,Security,528,Success,Logon/Logoff
    > ,Dzz\MyAccount,Sxx,Successful Logon:^` User Name: MyAccount^`
    > Domain: Dzz^` Logon ID: (0x0
    > 0x125E44B)^` Logon Type: 3^` Logon
    > Process: KSecDD^` Authentication
    > Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0^`
    > Workstation Name: \\PC1
    >
    > where:
    > Dzz is the name of NT domain
    > Sxx is the BDC server
    > the client PC1 is a windows 98 machine
    >
    > My question is: for the authentication process the server uses NTLMv1 (how
    > report the log) or NTLMv2 (how I think because
    > the server working sp5)?
    > How can I verify it?
    > How can I force the NTLMv2 utilisation?
    > The windows 98 client uses NTLMv1 only?
    >
    > Many thanks
    > Cesare
    > _________________________________________________________________________
    > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
    >