Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Kerberos & NTLM Auth in IIS6

from [nobody] Network Security [Permanent Link]
Subject: Re: Kerberos & NTLM Auth in IIS6
Date: 15 Jun 2005 10:53:19 -0000 
A little known fact regarding NTLMv2 is that only those applications that 
authenticate using the
Local Security Authority (LSA) will be affected by the LMCompatibility mode 
setting. That includes
file sharing and domain logons. A number of applications use the NTLM Security 
Support
Provider Interface (NTLMSSP) to authenticate, and there is a separate setting 
to enable
NTLMv2 for them. Examples of such applications include SQL Server (when using 
RPC) and
many other (secure) RPC-based applications. NTLMv2 for NTLMSSP has to be 
enabled on a
given machine, both for the machine's functionality as a server and as a 
client. The registry has
to be edited to enable NTLMv2 for RPC .
Edit the registry and set the appropriate keys. These keys do not exist by 
default or are set to 0.
To set NTLMv2 Security on the server side add the following registry key
To set NTLMv2 Security on the client (Windows 9x/NT/2000/XP) side add the 
following registry
key:

Enable NTLMv2 Authentication for NTLM Security
Support Provider Interface (NTLMSSP) mandatory
Hive HKEY_LOCAL_MACHINE
Key \System\CurrentControlSet\Control\Lsa\MSV1_0\
Value
Name
NtlmMinServerSec
Type REG_DWORD
Value 0x00080000
Hive HKEY_LOCAL_MACHINE
Key \System\CurrentControlSet\Control\Lsa\MSV1_0\
Value
Name
NtlmMinClientSec
Explanation
Measure
Implementation
NOTE:
Both, the client and server side has to be set to work properly.
When the ?HKLM\System\CurrentControlSet\control\LSA\LMCompatibilityLevel? does 
not enable
a machine to negotiate NTLMv2 authentication, then this setting will make 
certain remote
features fail (e.g. mapping of shares). So the LMCompatibilityLevel must be set 
to allow
NTLMv2 authentication at the same time.
We were made aware that in cluster solutions the LMCompatibilityLevel must be 
set to ?Send
LM and NTLM responses only? (see also: 
<http://support.microsoft.com/default.aspx?scid=kb;ENUS;
q272129> ) and that the registry settings above must not be made at all!
You can find more information about s-RPC at:
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239869>
and
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;q147706>


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: RunAs, k levinson
Next by Date:  RE: RunAs, Salvador.Manaois
Previous by Thread:  RE: Kerberos & NTLM Auth in IIS6, Trevor
Next by Thread:  RE: Kerberos & NTLM Auth in IIS6, Trevor
Indexes:  [Date] [Thread] [Top] [All Lists]