Network Security: LAN manager authentication level

In Windows Server 2008, if we go to "Network Security: LAN Manager authentication level" (gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options) and right-click on it, we cannot change the value of the authentication level. It is greyed out.

To change it, we need to go to the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel and set the value.

LmCompatibilityLevel should be

0 for Send LM & NTLM responses
1 for Send LM & NTLM - use NTLMv2 session security if negotiated
2 for Send NTLM response only
3 for Send NTLMv2 response only
4 for Send NTLMv2 response only\refuse LM
5 for Send NTLMv2 response only\refuse LM & NTLM
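
The registry change described above, as an added PowerShell example (not code from the original post). It assumes PowerShell 3.0 or later and an elevated session; `Get-LmCompatibilityLevel` and `Set-LmCompatibilityLevel` are hypothetical helper names.

```powershell
# Added example: read and set LmCompatibilityLevel (run from an elevated prompt).
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'

# Level descriptions as listed in the post.
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only\refuse LM'
    5 = 'Send NTLMv2 response only\refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # The value is absent when the policy shows as "Not Defined".
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{ Level = $null; Meaning = 'Not Defined (value absent)'; NTLMv2Only = $null }
    }
    $level   = [int]$prop.$ValueName
    $meaning = if ($Levels.ContainsKey($level)) { $Levels[$level] } else { 'Unrecognized value' }
    [pscustomobject]@{
        Level      = $level
        Meaning    = $meaning
        # Levels 3-5 send NTLMv2 responses only, per the list above.
        NTLMv2Only = ($level -ge 3 -and $level -le 5)
    }
}

function Set-LmCompatibilityLevel {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 5)]   # reject anything outside the six listed levels
        [int]$Level
    )
    # -Force creates the DWORD if missing or overwrites the existing one.
    New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Level -Force | Out-Null
    Get-LmCompatibilityLevel   # read back to confirm what was written
}

# Report the current setting; uncomment the second line to change it.
Get-LmCompatibilityLevel
# Set-LmCompatibilityLevel -Level 5
```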

Comments

  1. How do I change it to: not defined????

    1. Just delete the registry entry mentioned above. I had to do it myself for testing. It worked.

  2. By default it should be Not Defined. If you changed it through the UI, then set some value like 10 in the registry key mentioned above.

  3. Thanks! I set it trying to get some software to work the way I want it and fubar'd my ability to login. :)

  4. For many days I was having a LAN problem, but now I'm clear about it after reading your blog. Thanks for sharing this. network security

  5. Just wanted to say thank you. All these years later on Windows 10, it worked.

