Security Basics mailing list archives

NTLMv2 on RAS


From: "Leon North" <leon_nc () linuxmail org>
Date: Fri, 14 May 2004 09:28:13 +0000

We have a standalone Win2k Server running as a RRAS machine (i.e. local accounts only, NOT a domain member). As part 
of hardening it, I want to set LM Compatibility to only allow NTLMv2 authentication, which is significantly more 
secure. This means Win98 and earlier clients couldn't connect to it (without some modification). Fine, since apart from 
RAS we will only be logged on or connecting to it locally, not from any other machines.

My question is: will this affect Win98 clients connecting over RAS? RAS clients use remote auth such as MSCHAP (I will 
also restrict to MSCHAPv2 which Win98 does support), but do RAS clients ONLY use the remote authentication, or do they 
also use local authentication protocols as well in the process?

Or, to simplify even further: will configuring the Win2k RRAS LM Compatibility to NTLMv2 impact remote clients 
connecting via RRAS in any way?

Any help appreciated.

Leon