Network Security: LAN manager authentication level

-
In windows server 2008, if we go to Network Security: LAN manager authentication level(gpedit.msc -> Computer Configuration -> WindowsSettings -> SecuritySettings LocalPolicies -> securityoptions ) and right click on it, we cannot change the value of the authentication level. It is greyed out.

To change this we need to go to following registry entry..

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel and set the value.

LmCompatibilityLevel should be

0 for Send LM & NTLM responses
1 for Send LM & NLTM - use NTLMv2 session security if negotiated
2 for Send NTLM response only
3 for Send NTLMv2 response only
4 for Send NTLMv2 response only\refuse LM
5 for Send NTLMv2 response only\refuse LM & NTLM

Comments

  1. AnonymousApril 10, 2013 at 11:52 AM

    how do i change it to: not defined????

    ReplyDelete
    Replies
    1. AnonymousJuly 15, 2013 at 4:32 PM

      Just delete the registry entry mentioned above. I had to do it myself for testing. It worked.

      Delete
  2. sudheerApril 16, 2013 at 6:40 PM

    By default it should be Not Defined. If you changed it through the UI then Set some value like 10 in the registry key mentioned above.

    ReplyDelete
  3. AnonymousJuly 22, 2013 at 11:06 AM

    Thanks! I set it trying to get some software to work the way I want it and fubar'd my ability to login. :)

    ReplyDelete
  4. UnknownFebruary 25, 2014 at 8:16 PM

    From many days i was feeling LAN problem but now i,m clear about it after reading your blog. Thanks for sharing this. network security

    ReplyDelete
  5. AnonymousDecember 18, 2014 at 5:02 AM

    Thanks!

    ReplyDelete
  6. AnonymousFebruary 27, 2020 at 8:03 AM

    Just wanted to say thank you. All these years later on Windows 10, it worked.

    ReplyDelete

Post a Comment

Popular posts from this blog

Cisco AnyConnect Secure Mobility Client - VPN service not available. The VPN agent service is not responding

-
Sometime there may be a possibility that Cisco AnyConnect Secure Mobile Client can crash and service will be continuously crashing if you go and see it in services.msc. I faced this issue when my laptop was shutdown forcefully and below I listed the resolution I found.. Client Version:  3.1.04049 Resolution: Open the browser you have been using. From the options, delete the complete browsing data stored.  Then I found that service was crashing but it gave me a couple of secs opportunity to enter my password to connect to my VPN. I entered my password quickly and then I was successfully able to connect to the VPN and didn't face this issue again. Stupid resolution but still it may be useful for few more people here..
Read more