Changing LAN Manager Authentication on Windows NT (Windows NT)

Windows NT supports two kinds of challenge/response authentication: LanManager (LM) and Windows NT (NTLM). LM authentication is not as strong as Windows NT authentication so some customers may want to disable its use, because an attacker sniffing the network traffic could possibly attack the weaker protocol.

This tweak can be easily applied using WinGuides Tweak Manager. Download a free trial now!

The implementation of the NTLM Security Service Provider (SSP) in Server Pack 4 has been enhanced to allow clients to control which variants of NTLM are used, and to allow servers to control which variants they will accept.

To change the type of authentication to be used modify the key below with the following values:

Level 0 - Send LM response and NTLM response; never use NTLMv2 session security
Level 1 - Use NTLMv2 session security if negotiated
Level 2 - Send NTLM response only
Level 3 - Send NTLMv2 response only
Level 4 - DC refuses LM responses
Level 5 - DC refuses LM and NTLM responses (accepts only NTLMv2)

Note: Currently only Windows NT 4.0 (SP4 and greater) support NTLMv2.

		(Default)	REG_SZ	(value not set)
		LMCompatibilityLevel	REG_DWORD	0x00000001 (1)

	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

>> Recommended Download - check, repair and optimize your registry now with Registry Mechanic <<

Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. We cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.