Wednesday, September 19, 2007

Prevent Password Attacks windows 2000/2003

http://arunonfire.blogspot.com/2007/09/prevent-password-attacks-windows.html

The purpose of this hack is to prevent machines saving the weak NTLM hash in their registry which could then be attacked.
You may ask 'How will logon work if you disable this feature?'
The answer is that XP, .NET and Windows 2000 use a separate kerberos security system, this NTLM hash is only there for backwards compatibility with SAM databases in NT.
Its purpose would be to enable users on Windows 2000 to logon to NT domains.

For Windows 2000, locate and click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

From the Edit menu, click Add Key, and then add the following registry key: NoLMHash. Set NoLMHash = 1

In XP Value name: NoLMHash, Data type: REG_DWORD Radix: Decimal Value data: 1

Arun
Powered By Blogger

Music...