Implications of allowing Windows clients to use NTLMv1?

Posted by Boden on Server Fault
Published on 2009-07-29T23:31:47Z, indexed on 2012/10/04 3:40 UTC

I have a web application that I'd like to authenticate to using pass-through NTLM for SSO. There is a problem, however, in that NTLMv2 apparently will not work in this scenario (without the application storing an identical password hash).

I enabled NTLMv1 on one client machine (Vista) using its local group policy: Computer->Windows Settings->Security Settings->Network Security: LAN Manager authentication level. I changed it to Send LM & NTLM - use NTLMv2 session security if negotiated.

This worked, and I'm able to log in to the web application using NTLM. Now this application would be used by all of my client machines... so I'm wondering what the security risks are if I were to push this policy out to all of them (not to the domain controller itself though)?
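The setting the question changes is stored in the registry as the LmCompatibilityLevel DWORD, and levels 0 to 2 let a client answer LM and/or NTLMv1 challenges from any server that sends one, while 3 to 5 send NTLMv2 only. The following PowerShell is an added example, not code from the original post or from Server Fault: it audits that value on one or more machines, flags the levels that permit NTLMv1, and offers a hardening helper. It assumes PowerShell remoting (WinRM) is already enabled for the remote hosts, and the computer names in the usage lines are constructed placeholders.

```powershell
# Added example (not from the original post): audit and optionally harden the
# "Network Security: LAN Manager authentication level" policy. Whether set by
# local policy or by a domain GPO, LSA reads the same registry value:
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel.

# Level names as they appear in the Group Policy editor's dropdown.
# 0-2 allow LM and/or NTLMv1 responses; 3-5 send NTLMv2 responses only.
$LmCompatibilityNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmCompatibilityReport {
    [CmdletBinding()]
    param(
        # Machines to audit; defaults to the local machine. Remote machines are
        # queried over PowerShell remoting (WinRM), assumed to be enabled.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Runs locally or inside Invoke-Command; returns $null when the value is absent.
    $probe = {
        $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        $item = Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
        if ($null -eq $item) { $null } else { [int]$item.LmCompatibilityLevel }
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -ieq $env:COMPUTERNAME) {
                $level = & $probe
            } else {
                $level = Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop
            }
        } catch {
            [pscustomobject]@{ ComputerName = $computer; Level = $null; Setting = 'UNREACHABLE'; Risk = $_.Exception.Message }
            continue
        }

        if ($null -eq $level) {
            # Value absent: the OS default applies (Vista and later default to 3, NTLMv2 only).
            $setting = 'Not configured (OS default)'
            $risk    = 'Check the OS default; Vista and later default to level 3'
        } elseif ($level -le 2) {
            $setting = $LmCompatibilityNames[$level]
            $risk    = 'AT RISK: client answers NTLMv1 (and, below level 2, LM) challenges from any server'
        } else {
            $setting = $LmCompatibilityNames[$level]
            $risk    = 'OK: NTLMv2 responses only'
        }

        [pscustomobject]@{
            ComputerName = $computer
            Level        = $level
            Setting      = $setting
            Risk         = $risk
        }
    }
}

function Set-LmCompatibilityLevel {
    # Sets the local value. On a domain-joined machine a GPO that defines this
    # policy re-applies over it at the next refresh, so change the GPO instead.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateRange(0, 5)]
        [int]$Level = 5
    )
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($PSCmdlet.ShouldProcess("$lsa\LmCompatibilityLevel", "Set to $Level ($($LmCompatibilityNames[$Level]))")) {
        Set-ItemProperty -Path $lsa -Name LmCompatibilityLevel -Value $Level -Type DWord
    }
}

# Usage: audit the local host; the remote names below are constructed placeholders.
Get-LmCompatibilityReport | Format-Table -AutoSize
# Get-LmCompatibilityReport -ComputerName 'ws01', 'ws02' | Where-Object Risk -like 'AT RISK*'
# Set-LmCompatibilityLevel -Level 5 -WhatIf   # preview the hardening change
```

The report makes the question's trade-off visible: every machine showing level 0 or 1 (the setting the post enables) will hand an LM/NTLMv1 response to whichever host it authenticates to, not only to this one web application, so the audit is worth re-running after the policy is pushed and again when it is rolled back.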
