Network security: Do not store LAN Manager hash value on next password change This security setting determines if, at the ...

Network security: Do not store LAN Manager hash value on next password change

This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.


Default on Windows Vista and above: Enabled
Default on Windows XP: Disabled.

Important

Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.

Network security: Allow Local System to use computer identity for NTLM This policy setting allows Local System services that ... Network security: Allow LocalSystem NULL session fallback Allow NTLM to fall back to NULL session when used with LocalSystem. ... Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned ... Network security: Configure encryption types allowed for Kerberos This policy setting allows you to set the encryption types ... Network security: Do not store LAN Manager hash value on next password change This security setting determines if, at the ... Network security: Force logoff when logon hours expire This security setting determines whether to disconnect users who are ... Network security: LAN Manager authentication level This security setting determines which challenge/response authentication ... Network security: LDAP client signing requirements This security setting determines the level of data signing that is requested ... Network security: Minimum session security for NTLM SSP based (including secure RPC) clients This security setting allows ...