Microsoft Windows Vista Community Forums - Vistaheads

Changing NTLM security level

microsoft.public.windows.vista.networking sharing






#1
02-07-2007
me
Changing NTLM security level
I am trying to connect my Windows Vista Home Edition system to a Samba server
share. I found out that in the Windows Vista betas, I needed to reduce the
security levels of the NTLM responses to include not only NTLMv2, but also
NTLMv1. This was done in the Local Security Policy MMC snap-in.

Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
Home Premium edition. As a result, I cannot seem to find the Local Security
Policy MMC snap-in. My question is two-fold:

1. Is there a way to add the Local Security Policy snap-in to Windows Vista
Home Premium?
2. If there is no way to do number 1, then how do I alter the NTLM
authentication system to accept NTLMv1 and NTLMv2?

Thank you in advance!

Marc Hoffman

#2
02-07-2007
Steve Winograd [MVP]
Re: Changing NTLM security level
In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
<me@discussions.microsoft.com> wrote:
>I am trying to connect my Windows Vista Home Edition system to a Samba server
>share. I found out that in the Windows Vista betas, I needed to reduce the
>security levels of the NTLM responses to include not only NTLMv2, but also
>NTLMv1. This was done in the Local Security Policy MMC snap-in.
>
>Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
>Home Premium edition. As a result, I cannot seem to find the Local Security
>Policy MMC snap-in. My question is two-fold:
>
>1. Is there a way to add the Local Security Policy snap-in to Windows Vista
>Home Premium?
>2. If there is no way to do number 1, then how do I alter the NTLM
>authentication system to accept NTLMv1 and NTLMv2?
>
>Thank you in advance!
>
>Marc Hoffman


Here's how to do #2:

1. Run the registry editor and open this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

2. If it doesn't already exist, create a DWORD value named
LmCompatibilityLevel

3. Set the value to 1

4. Reboot
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
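
An added example, not part of the original thread: a Python check that reads captured `reg query` output for the LmCompatibilityLevel value discussed above and reports which NTLM responses the client will send, so hosts that were lowered for a legacy share can be found later. The level meanings follow Microsoft's documentation; the host names and sample captures are constructed.

```python
import re
from dataclasses import dataclass

# LmCompatibilityLevel -> (responses the client sends, responses a DC accepts),
# per Microsoft's documentation of the "LAN Manager authentication level" policy.
ALL = frozenset({"LM", "NTLMv1", "NTLMv2"})
LEVELS = {
    0: (frozenset({"LM", "NTLMv1"}), ALL),
    1: (frozenset({"LM", "NTLMv1"}), ALL),  # NTLMv2 session security if negotiated
    2: (frozenset({"NTLMv1"}), ALL),
    3: (frozenset({"NTLMv2"}), ALL),
    4: (frozenset({"NTLMv2"}), ALL - {"LM"}),
    5: (frozenset({"NTLMv2"}), frozenset({"NTLMv2"})),
}
DEFAULT_LEVEL = 3  # in effect on Vista and later when the value is absent
VALUE_RE = re.compile(r"^\s*LmCompatibilityLevel\s+(REG_\w+)\s+(\S+)\s*$", re.I | re.M)

@dataclass
class Finding:
    host: str
    level: int
    explicit: bool       # False when the OS default is in effect
    sends: frozenset     # responses this machine emits as a client
    accepts: frozenset   # responses it accepts when acting as a DC
    weak: bool           # True if LM or NTLMv1 responses leave the client

def parse_level(reg_output):
    """Return the configured level, or None if the value is not set."""
    m = VALUE_RE.search(reg_output)
    if m is None:
        return None
    kind, raw = m.group(1).upper(), m.group(2)
    if kind != "REG_DWORD":
        raise ValueError(f"unexpected type {kind}; needs manual review")
    level = int(raw, 16)  # reg.exe prints DWORD data as 0x...
    if level not in LEVELS:
        raise ValueError(f"level {level} is outside 0-5")
    return level

def assess(host, reg_output):
    configured = parse_level(reg_output)
    level = DEFAULT_LEVEL if configured is None else configured
    sends, accepts = LEVELS[level]
    weak = bool(sends & {"LM", "NTLMv1"})
    return Finding(host, level, configured is not None, sends, accepts, weak)

# Constructed captures of `reg query <key> /v LmCompatibilityLevel`,
# one per hypothetical host.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SAMPLES = {
    "vista-home": f"\n{KEY}\n    LmCompatibilityLevel    REG_DWORD    0x1\n",
    "vista-stock": "ERROR: The system was unable to find the specified registry key or value.\n",
    "hardened": f"\n{KEY}\n    LmCompatibilityLevel    REG_DWORD    0x5\n",
}

def audit(samples):
    return [assess(host, out) for host, out in samples.items()]

if __name__ == "__main__":
    for f in audit(SAMPLES):
        origin = "set" if f.explicit else "default"
        verdict = "WEAK: sends " + "/".join(sorted(f.sends)) if f.weak else "ok"
        print(f"{f.host:12} level {f.level} ({origin})  {verdict}")
```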

#3
02-08-2007
DACTech
Re: Changing NTLM security level
Please let us know if you can connect to the Samba server share properly by
name after you change it. If you can, map to it and then log off and back on
and see if it will reconnect.

I'm having an issue where I have several clustered NAS boxes (Isilon) and I
can't connect via name but via IP is fine. At least at first it was fine; now
certain IP addresses can't connect anymore.

I have a ticket open with support but it doesn't seem like they know what is
going on.

I have seen several people with the same issue but no results as of yet that
I have seen anywhere.

I posted here but no one ever responded about it which doesn't make me feel
oh so warm and fuzzy!

Good luck

"Steve Winograd [MVP]" wrote:

> In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
> <me@discussions.microsoft.com> wrote:
> >I am trying to connect my Windows Vista Home Edition system to a Samba server
> >share. I found out that in the Windows Vista betas, I needed to reduce the
> >security levels of the NTLM responses to include not only NTLMv2, but also
> >NTLMv1. This was done in the Local Security Policy MMC snap-in.
> >
> >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
> >Home Premium edition. As a result, I cannot seem to find the Local Security
> >Policy MMC snap-in. My question is two-fold:
> >
> >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
> >Home Premium?
> >2. If there is no way to do number 1, then how do I alter the NTLM
> >authentication system to accept NTLMv1 and NTLMv2?
> >
> >Thank you in advance!
> >
> >Marc Hoffman

>
> Here's how to do #2:
>
> 1. Run the registry editor and open this key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
>
> 2. If it doesn't already exist, create a DWORD value named
> LmCompatibilityLevel
>
> 3. Set the value to 1
>
> 4. Reboot
> --
> Best Wishes,
> Steve Winograd, MS-MVP (Windows Networking)
>
> Please post any reply as a follow-up message in the news group
> for everyone to see. I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>

#4
02-08-2007
me
Re: Changing NTLM security level
WHAHOOO!!!!! IT WORKED!!!

Thank you VERY much, Steve.

"Steve Winograd [MVP]" wrote:

> In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
> <me@discussions.microsoft.com> wrote:
> >I am trying to connect my Windows Vista Home Edition system to a Samba server
> >share. I found out that in the Windows Vista betas, I needed to reduce the
> >security levels of the NTLM responses to include not only NTLMv2, but also
> >NTLMv1. This was done in the Local Security Policy MMC snap-in.
> >
> >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
> >Home Premium edition. As a result, I cannot seem to find the Local Security
> >Policy MMC snap-in. My question is two-fold:
> >
> >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
> >Home Premium?
> >2. If there is no way to do number 1, then how do I alter the NTLM
> >authentication system to accept NTLMv1 and NTLMv2?
> >
> >Thank you in advance!
> >
> >Marc Hoffman

>
> Here's how to do #2:
>
> 1. Run the registry editor and open this key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
>
> 2. If it doesn't already exist, create a DWORD value named
> LmCompatibilityLevel
>
> 3. Set the value to 1
>
> 4. Reboot
> --
> Best Wishes,
> Steve Winograd, MS-MVP (Windows Networking)
>
> Please post any reply as a follow-up message in the news group
> for everyone to see. I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>

#5
02-08-2007
me
Re: Changing NTLM security level
Hi...

I tested the system as you suggest, and I didn't have the problem that you
reported here. I am connecting my Vista box to a Mac OS X 10.4.8 Client OS.
Perhaps it's the version of Samba that's running on your NAS'es? Also, do you
know if your DNS and/or WINS (if you're using WINS) is set up correctly?
Perhaps the Windows Vista clients are having problems resolving the DNS name
of the NAS systems. You can try to "ping" one of the NAS'es in a Windows
command prompt. You can also issue an "nslookup" on each of the NAS boxes to
ensure that your Vista client is receiving the proper DNS information.

Please let us know how things work.

"DACTech" wrote:

> Please let us know if you can connect to the Samba server share properly by
> name after you change it. If you can, map to it and then log off and back on
> and see if it will reconnect.
>
> I'm having an issue where I have several clustered NAS boxes (Isilon) and I
> can't connect via name but via IP is fine. At least at first it was fine; now
> certain IP addresses can't connect anymore.
>
> I have a ticket open with support but it doesn't seem like they know what is
> going on.
>
> I have seen several people with the same issue but no results as of yet that
> I have seen anywhere.
>
> I posted here but no one ever responded about it which doesn't make me feel
> oh so warm and fuzzy!
>
> Good luck
>
> "Steve Winograd [MVP]" wrote:
>
> > In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
> > <me@discussions.microsoft.com> wrote:
> > >I am trying to connect my Windows Vista Home Edition system to a Samba server
> > >share. I found out that in the Windows Vista betas, I needed to reduce the
> > >security levels of the NTLM responses to include not only NTLMv2, but also
> > >NTLMv1. This was done in the Local Security Policy MMC snap-in.
> > >
> > >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
> > >Home Premium edition. As a result, I cannot seem to find the Local Security
> > >Policy MMC snap-in. My question is two-fold:
> > >
> > >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
> > >Home Premium?
> > >2. If there is no way to do number 1, then how do I alter the NTLM
> > >authentication system to accept NTLMv1 and NTLMv2?
> > >
> > >Thank you in advance!
> > >
> > >Marc Hoffman

> >
> > Here's how to do #2:
> >
> > 1. Run the registry editor and open this key:
> >
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> >
> > 2. If it doesn't already exist, create a DWORD value named
> > LmCompatibilityLevel
> >
> > 3. Set the value to 1
> >
> > 4. Reboot
> > --
> > Best Wishes,
> > Steve Winograd, MS-MVP (Windows Networking)
> >
> > Please post any reply as a follow-up message in the news group
> > for everyone to see. I'm sorry, but I don't answer questions
> > addressed directly to me in E-mail or news groups.
> >
> > Microsoft Most Valuable Professional Program
> > http://mvp.support.microsoft.com
> >

#6
02-08-2007
Steve Winograd [MVP]
Re: Changing NTLM security level
In article <80A8D66D-BE0C-40A6-BB20-84C6AC635F9A@microsoft.com>, me
<me@discussions.microsoft.com> wrote:
>> >I am trying to connect my Windows Vista Home Edition system to a Samba server
>> >share. I found out that in the Windows Vista betas, I needed to reduce the
>> >security levels of the NTLM responses to include not only NTLMv2, but also
>> >NTLMv1. This was done in the Local Security Policy MMC snap-in.
>> >
>> >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
>> >Home Premium edition. As a result, I cannot seem to find the Local Security
>> >Policy MMC snap-in. My question is two-fold:
>> >
>> >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
>> >Home Premium?
>> >2. If there is no way to do number 1, then how do I alter the NTLM
>> >authentication system to accept NTLMv1 and NTLMv2?
>> >
>> >Thank you in advance!
>> >
>> >Marc Hoffman

>>
>> Here's how to do #2:
>>
>> 1. Run the registry editor and open this key:
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
>>
>> 2. If it doesn't already exist, create a DWORD value named
>> LmCompatibilityLevel
>>
>> 3. Set the value to 1
>>
>> 4. Reboot

>
>WHAHOOO!!!!! IT WORKED!!!
>
>Thank you VERY much, Steve.


You're welcome !!
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

#7
02-08-2007
DACTech
Re: Changing NTLM security level
All DNS, WINS and any other authentication settings are set up correctly. I
can connect to the Macs no problem.

I'm working with support right now and it seems they just are not sure what
is truly going on here. They have taken several trace files and in fact just
took six different instances this morning. I'm wondering if Vista just needs
to be dumbed down a bit in terms of authentication. Isilon hasn't gotten
around to testing with Vista just yet but it may come down to them needing to
so it can be upgraded to work with it. Isilon is more of a samba/FreeBSD box
and there's no true OS on it so to speak.

I'm wondering if anyone using Vista has any Isilons other than me at this
point.



"me" wrote:

> Hi...
>
> I tested the system as you suggest, and I didn't have the problem that you
> reported here. I am connecting my Vista box to a Mac OS X 10.4.8 Client OS.
> Perhaps it's the version of Samba that's running on your NAS'es? Also, do you
> know if your DNS and/or WINS (if you're using WINS) is set up correctly?
> Perhaps the Windows Vista clients are having problems resolving the DNS name
> of the NAS systems. You can try to "ping" one of the NAS'es in a Windows
> command prompt. You can also issue an "nslookup" on each of the NAS boxes to
> ensure that your Vista client is receiving the proper DNS information.
>
> Please let us know how things work.
>
> "DACTech" wrote:
>
> > Please let us know if you can connect to the Samba server share properly by
> > name after you change it. If you can, map to it and then log off and back on
> > and see if it will reconnect.
> >
> > I'm having an issue where I have several clustered NAS boxes (Isilon) and I
> > can't connect via name but via IP is fine. At least at first it was fine; now
> > certain IP addresses can't connect anymore.
> >
> > I have a ticket open with support but it doesn't seem like they know what is
> > going on.
> >
> > I have seen several people with the same issue but no results as of yet that
> > I have seen anywhere.
> >
> > I posted here but no one ever responded about it which doesn't make me feel
> > oh so warm and fuzzy!
> >
> > Good luck
> >
> > "Steve Winograd [MVP]" wrote:
> >
> > > In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
> > > <me@discussions.microsoft.com> wrote:
> > > >I am trying to connect my Windows Vista Home Edition system to a Samba server
> > > >share. I found out that in the Windows Vista betas, I needed to reduce the
> > > >security levels of the NTLM responses to include not only NTLMv2, but also
> > > >NTLMv1. This was done in the Local Security Policy MMC snap-in.
> > > >
> > > >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
> > > >Home Premium edition. As a result, I cannot seem to find the Local Security
> > > >Policy MMC snap-in. My question is two-fold:
> > > >
> > > >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
> > > >Home Premium?
> > > >2. If there is no way to do number 1, then how do I alter the NTLM
> > > >authentication system to accept NTLMv1 and NTLMv2?
> > > >
> > > >Thank you in advance!
> > > >
> > > >Marc Hoffman
> > >
> > > Here's how to do #2:
> > >
> > > 1. Run the registry editor and open this key:
> > >
> > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> > >
> > > 2. If it doesn't already exist, create a DWORD value named
> > > LmCompatibilityLevel
> > >
> > > 3. Set the value to 1
> > >
> > > 4. Reboot
> > > --
> > > Best Wishes,
> > > Steve Winograd, MS-MVP (Windows Networking)
> > >
> > > Please post any reply as a follow-up message in the news group
> > > for everyone to see. I'm sorry, but I don't answer questions
> > > addressed directly to me in E-mail or news groups.
> > >
> > > Microsoft Most Valuable Professional Program
> > > http://mvp.support.microsoft.com
> > >

#8
02-09-2007
lawsce
Re: Changing NTLM security level
I also can't connect by name, only by IP address to my SimpleTech NAS even
after changing the LmCompatibilityLevel registry entry. A value of 1 or 2
seems to allow me access by IP address. The default value of 3 did not allow
access at all.

"DACTech" wrote:

> Please let us know if you can connect to the Samba server share properly by
> name after you change it. If you can, map to it and then log off and back on
> and see if it will reconnect.
>
> I'm having an issue where I have several clustered NAS boxes (Isilon) and I
> can't connect via name but via IP is fine. At least at first it was fine; now
> certain IP addresses can't connect anymore.
>
> I have a ticket open with support but it doesn't seem like they know what is
> going on.
>
> I have seen several people with the same issue but no results as of yet that
> I have seen anywhere.
>
> I posted here but no one ever responded about it which doesn't make me feel
> oh so warm and fuzzy!
>
> Good luck
>
> "Steve Winograd [MVP]" wrote:
>
> > In article <7B25AD5A-091E-4AD2-B443-66B4C1A1A22C@microsoft.com>, me
> > <me@discussions.microsoft.com> wrote:
> > >I am trying to connect my Windows Vista Home Edition system to a Samba server
> > >share. I found out that in the Windows Vista betas, I needed to reduce the
> > >security levels of the NTLM responses to include not only NTLMv2, but also
> > >NTLMv1. This was done in the Local Security Policy MMC snap-in.
> > >
> > >Unfortunately, the betas were based on Windows Vista ULTIMATE, and not the
> > >Home Premium edition. As a result, I cannot seem to find the Local Security
> > >Policy MMC snap-in. My question is two-fold:
> > >
> > >1. Is there a way to add the Local Security Policy snap-in to Windows Vista
> > >Home Premium?
> > >2. If there is no way to do number 1, then how do I alter the NTLM
> > >authentication system to accept NTLMv1 and NTLMv2?
> > >
> > >Thank you in advance!
> > >
> > >Marc Hoffman

> >
> > Here's how to do #2:
> >
> > 1. Run the registry editor and open this key:
> >
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> >
> > 2. If it doesn't already exist, create a DWORD value named
> > LmCompatibilityLevel
> >
> > 3. Set the value to 1
> >
> > 4. Reboot
> > --
> > Best Wishes,
> > Steve Winograd, MS-MVP (Windows Networking)
> >
> > Please post any reply as a follow-up message in the news group
> > for everyone to see. I'm sorry, but I don't answer questions
> > addressed directly to me in E-mail or news groups.
> >
> > Microsoft Most Valuable Professional Program
> > http://mvp.support.microsoft.com
> >

#9
02-11-2007
BSchnur
Re: Changing NTLM security level
By the way, that same setting will work for folks trying to connect to
NetWare 6.5 servers using CIFS/NFA.


--
Barry Schnur
Novell Support Connection Volunteer Sysop