Wednesday 4 July 2018

Windows 8 security policy "LAN Manager Authentication Level"


I can't get into one of our enterprise apps, and the app administrator told me I need to change the LAN Manager Authentication Level to "Send NTLM Responses Only". That normally happens via group policy; the problem is I'm running Windows 8 and my device is non-managed. I cannot find that particular setting in the Windows 8 policy manager. Any help?



Answer



Unfortunately, not all versions of Windows appear to ship the policy editor. Windows 8 doesn't, for example, but Windows 8 Pro does, so depending on your version you may or may not be able to use it.


To see if you can access it, press Win+Q to search for it or Win+R to open the "Run" dialog. Either way, type gpedit.msc and, if it appears in the first case or you're able to run it, do so.


Then navigate to Local Computer Policy -> Windows Settings -> Security Settings -> Local Policies -> Security Options. There, locate Network security: LAN Manager authentication level and set that policy to what your admin told you.


If you're not able to access the policy editor, you can accomplish the same by editing the registry yourself. Concretely, the key you have to edit for that policy is:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

There, add (or edit) a DWORD value named LmCompatibilityLevel and set it to the value you require according to the following table (which in your case is 2):


0 - Send LM & NTLM responses
1 - Send LM & NTLM responses, use NTLMv2 session security if negotiated
2 - Send NTLM response only
3 - Send NTLMv2 response only
4 - Send NTLMv2 response only, refuse LM
5 - Send NTLMv2 response only, refuse LM & NTLM

I hope that helps.
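
The registry edit described in the answer, as an added PowerShell example that is not part of the original post: it reports the current LmCompatibilityLevel and, only when run with -Apply, writes the new DWORD after saving the previous state for rollback. The parameter names and the backup file location are assumptions made for this example.

```powershell
# Added example (not from the original post). Parameter names and the backup
# file location are assumptions chosen for this example.
param(
    [ValidateRange(0, 5)][int]$Level = 2,  # 2 = value the answer gives for this case
    [switch]$Apply                         # without -Apply the script only reports
)

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'
$Meaning   = @{                            # descriptions from the answer's table
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM responses, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'
}

function Get-LmLevel {
    # Returns the DWORD as an int, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

$current = Get-LmLevel
if ($null -eq $current) {
    Write-Output "$ValueName is not set; the OS default applies."
} else {
    Write-Output "Current: $current - $($Meaning[$current])"
}
if (-not $Apply) { Write-Output "Report only; re-run with -Apply to set $Level."; return }
if ($current -eq $Level) { Write-Output "Already at $Level; nothing to change."; return }

# Writing under HKLM needs an elevated session.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this script from an elevated PowerShell prompt.' }

# Save the previous state so the change can be reverted later.
$backup = Join-Path $env:TEMP 'LmCompatibilityLevel.previous.txt'
if ($null -eq $current) { $previous = 'unset' } else { $previous = "$current" }
Set-Content -Path $backup -Value $previous

# -Force creates the value or overwrites an existing one ("add or edit").
New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Level -Force | Out-Null

$after = Get-LmLevel
if ($after -ne $Level) { throw "Write failed: $ValueName reads back as '$after'." }
Write-Output "Set $ValueName = $after ($($Meaning[$after])); previous value saved to $backup"
```

Levels 0 through 2 make the client answer with LM/NTLM responses rather than NTLMv2, so the saved previous value is what to restore once access to the app no longer depends on the lower level.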

