How can I use the local security settings to force NTLMv2?

Note: The following information is intended for registered local support providers (LSPs) at Indiana University. If you are an LSP and have questions regarding the information in this document, contact LSP Services at  lsps@iu.edu ; otherwise, contact your campus Support Center.

The instructions below are manual steps to change a setting that the IUware IUWindowsAuthUpdate tool changes automatically. If you're not familiar with the Microsoft Management Console or the Local Security Policy interface, download and use the tool from IUware rather than following the steps below.

Note: Windows 7 and Vista default to using NTLMv2 authentication.

To use the local security settings to force Windows XP and 2000 to use NTLMv2:

1. Open the Local Security Policy console, using one of the following methods:
   
   
   • From the Control Panel, through Administrative Tools:
     
     
     1. From the Start menu, select Control Panel (Windows XP default view) or Settings and then Control Panel (Windows 2000 or 2003, or Windows XP Classic View).
     2. Double-click Administrative Tools, and then Local Security Policy.
     
     
   • Through the Run dialog box:
     
     
     1. From the Start menu, select Run... .
     2. In the Open...  field, enter: secpol.msc
     3. Click OK.

   The Local Security Policy console will appear.

2. Find "Network Security: LAN Manager authentication level", which is located in Security Settings, Local Policies, Security Options.
   
   
3. Set the LAN Manager authentication level to NTLMv2 response only/refuse LM and NTLM.

Comments/Questions/Corrections