Home page logo
/

basics logo Security Basics mailing list archives

Re: RE: ADS Password Storage Protection
From: e.m.baechle () ieee org
Date: 27 Jul 2006 19:10:33 -0000

Rolando,

You can divide up the settings if you want, but the easiest method is to apply GPO's with these settings to both the 
DCs and the Workstations.

Establishing the settings for workstations is especially important in cases where they are laptops operated either in a 
local-authentication mode or disconnected from the domain.

In any case you'll want to disable the storage of LM Hash on both the workstations and the DCs and establish NTLMv2 as 
the communication protocol of choice on both sets of systems (otherwise you may not connect, or experience long 
authentication delays while the workstations and DCs negotiate the communication settings).

Sincerely,

Eric B.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault