CalNetAD Security NTLMv2

Historically, Windows NT supports two variants of challenge/response authentication for network logons:
LAN Manager (LM) challenge/response
Windows NT challenge/response (also known as NTLM version 1 challenge/response)
The LM variant allows interoperability with the installed base of Windows 95 clients and servers. NTLM provides improved security for connections between Windows NT clients and servers. Windows NT also supports the NTLM session security mechanism that provides for message confidentiality (encryption) and integrity (signing).

Recent improvements in computer hardware and software algorithms have made these protocols vulnerable to widely published attacks for obtaining user passwords. In its ongoing efforts to deliver more secure products to its customers, Microsoft has developed an enhancement, called NTLM version 2, that significantly improves both the authentication and session security mechanisms. NTLM 2 has been available for Windows NT 4.0 since Service Pack 4 (SP4) was released, and it is supported natively in Windows 2000. You can add NTLM 2 support to Windows 95 and Windows 98 by installing the Directory Services Client from the Windows 2000 CD-ROM.

After you upgrade all Windows 95/98 and Windows NT 4.0 computers, you can greatly improve your organization's security by configuring clients, servers, and domain controllers to use only NTLM 2 (not LM or NTLM).

Windows 9x

• DSCLIENT.EXE
• ntlm9x.reg

Windows NT

• ntlmNT.reg - Administrative privileges required to install

Windows 2000

• ntlm2k.reg - Administrative privileges required to install

Resources

• Q283261 - Version Conflicts with the Directory Service Client Version of Windows 95 and Windows 98 System Files
• Q293322 - Directory Service Client May Not Be Installed on Windows NT 4.0 SP6a with Certain Hotfixes
• Q239869 - How to Enable NTLM 2 Authentication for Windows 95/98/2000 and NT