LM & NTLM
From DIGITUS - Wiki
NTLM (abbreviation for NT LAN Manager) or NTCR (NT challenge/response) is an authentication method allowing a single sign-on at web servers or proxy servers by using the credentials of the Windows user log on.
NTLM is (almost) exclusively implemented in products of the Microsoft company. Samba, Squid, Mozilla Firefox, cURL, Opera, and the Apache HTTP Server also support this protocol. Of course this depends on the software version you intend to use.
Contents |
Version comparison
This Group Policy has been available since the release of Windows 2000. The following operating systems are exceptions, for they do not include this Group Policy: Windows XP Home, Windows Vista Home Basic, Windows Vista Home Premium, Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium.
In these operating systems group policies can only be changed by editing the registry.
| Versions of Windows Operating Systems | LSR | Registry |
| Windows 2000 | X | X |
| Windows 2000 Server (+) | X | X |
| Windows XP Home | NO | X |
| Windows XP Professional | X | X |
| Windows Vista Home Basic | NO | X |
| Windows Vista Home Basic N | NO | X |
| Windows Vista Home Premium | NO | X |
| Windows Vista Enterprise | X | X |
| Windows Vista Business | X | X |
| Windows Vista Business N | X | X |
| Windows Vista Ultimate | X | X |
| Windows 7 Starter | NO | X |
| Windows 7 Home Basic | NO | X |
| Windows 7 Home Premium | NO | X |
| Windows 7 Professional | X | X |
| Windows 7 Ultimate | X | X |
| Windows 7 Enterprise | X | X |
How to activate LM & NTLM via "Local Security Policies"
- activate Local Security Policies
- Start and Control Panel
- System Administrative Tools, then Administration
- Local Security Policy
- left column, click on Local Security Policy
- Security Options
- right column Network security: LAN Manager Authentication Level
- drop-down and activate Send LM & NTLM - use NTLMv2 session security if negotiated
- close the window, then "Start menu", Run
- enter cmd.exe and execute this file; then enter gpupdate /force in the new window
- close the window, save your work, and restart your computer
 |
 |
 |
How to activate LM & NTLM via the "Registry"
Please note: Only expert users of the Windows operating system should follow these instructions. If you edit the Registry File you will do this at your own risk!
- Start and Run/Seek
- enter regedit
- a new window is opened
- change the active directory to: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
- check if the key LmCompatibilityLevel was created
- if it was not created create the key LmCompatibilityLevel (new); if it already exists edit this key
- new: DWORD
- name: LmCompatibilityLevel
- value: Decimal 2
- The key will automatically be saved during the creation process.
- if it was not created create the key LmCompatibilityLevel (new); if it already exists edit this key
- close the Registry Editor, save your work, restart the computer
Now it should be possible to log on to a NAS system.
 |
 |
 |
 |
Additional texts featuring more details
- Compatibility of operating systems
- DIGITUS® web page
- Wikipedia
Legal aspects
Please also take into account in what way our pieces of advice and recommendations have to be used!