Recipe 17.6. Disabling Storage of the LM Password Hash


Problem

You want to prevent the LanManager (LM) hash for new passwords from being stored in the local Security Accounts Manager (SAM). The LM hash is susceptible to brute force attacks and is primarily used for backward compatibility with Windows 95 and 98 clients.

Solution

Set the NoLMHash DWORD value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa key to 1. You can accomplish this by modifying the Local Security Policy as described next.

Using a graphical user interface

  1. Open the Local Security Policy snap-in.

  2. In the left pane, expand Local Policies → Security Options.

  3. Click the Enabled radio button.

  4. Click OK.
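
A scripted equivalent of the registry change in the Solution, added here as an example and not taken from the book. It assumes PowerShell 2.0 or later running as administrator; the function names Get-NoLMHash, Enable-NoLMHash, and Get-LocalPasswordAge are hypothetical. Because the setting applies only to new passwords, the script also lists the password age of each local account.

```powershell
# Added example, not from the book. Run as administrator (PowerShell 2.0+ assumed).
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-NoLMHash {
    # Return the current NoLMHash value, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $LsaKey -Name NoLMHash -ErrorAction SilentlyContinue
    if ($prop) { $prop.NoLMHash } else { $null }
}

function Enable-NoLMHash {
    # Hypothetical helper: write NoLMHash = 1 (DWORD) unless it is already 1.
    $before = Get-NoLMHash
    if ($before -ne 1) {
        # -Force overwrites an existing value; -PropertyType keeps it a DWORD.
        New-ItemProperty -Path $LsaKey -Name NoLMHash -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    New-Object PSObject -Property @{ Before = $before; After = Get-NoLMHash }
}

function Get-LocalPasswordAge {
    # The setting only affects passwords set after it is enabled, so report how
    # old each local account's password is. PasswordAge is given in seconds.
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    $computer.Children | Where-Object { $_.SchemaClassName -eq 'User' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name            = $_.Name.Value
                PasswordAgeDays = [math]::Round($_.PasswordAge.Value / 86400, 1)
            }
        }
}

$result = Enable-NoLMHash
$shown  = if ($null -eq $result.Before) { '(not set)' } else { $result.Before }
"NoLMHash before: {0}  after: {1}" -f $shown, $result.After

# Oldest passwords first: these are the accounts to prioritize for a change.
Get-LocalPasswordAge | Sort-Object PasswordAgeDays -Descending |
    Format-Table Name, PasswordAgeDays -AutoSize
```

An account whose password was last set before NoLMHash was enabled keeps its stored LM hash until that password is changed.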

Discussion

The LM hash uses an old algorithm (pre-Windows NT 4.0) and is considered to be relatively weak compared to the NT hash that is also stored. The LM hash is generated only for passwords that are shorter than 15 characters. So if you are one of the few people who have a password (or passphrase) longer than that, the LM hash is not stored for you.

See Also

MS KB 299656, "How to Prevent Windows from Storing a LAN Manager Hash of Your Password in Active Directory and Local SAM Databases"



Windows XP Cookbook
ISBN: 0596007256
Year: 2006
Pages: 408
