Implications of allowing Windows clients to use NTLMv1?
Posted
by
Boden
on Server Fault
See other posts from Server Fault
or by Boden
Published on 2009-07-29T23:31:47Z
Indexed on
2012/10/04
3:40 UTC
Read the original article
Hit count: 418
I have a web application that I'd like to authenticate to using pass-through NTLM for SSO. There is a problem, however, in that NTLMv2 apparently will not work in this scenario (without the application storing an identical password hash).
I enabled NTLMv1 on one client machine (Vista) using its local group policy: Computer->Windows Settings->Security Settings->Network Security: LAN Manager authentication level. I changed it to Send LM & NTLM - use NTLMv2 session security if negotiated.
This worked, and I'm able to login to the web application using NTLM. Now this application would be used by all of my client machines... so I'm wondering what the security risks are if I was push this policy out to all of them (not to the domain controller itself though)?
© Server Fault or respective owner