Ok...
What I did was:
a) Changed the key to "NoLMHash" (no spaces).
b) Rebooted the system.
c) Changed the passwords.
d) Tried to crack them with LC4.
.... the setting was now active, but according to LC4, what happened was:
a) The LM and NTLM passwords changed to an *empty* state to all users
afected.
b) The LM and NTLM hashes *were created anyway*.
c) The LM and NTLM hashes were *the same for all users* afected (same
empty seed).
Now, these few questions arise:
a) Isn't this a worse security scenario?
b) Shouldn't the key be renamed to "Blank_LM/NTLM_Passwords" (or the like)?
c) Am I seeing it wrongly?
Regards,
rusga
On Wed, 29 Sep 2004 11:05:26 +0100, rusga <reply2newsgroup@nntp> wrote:
> Oops! That's it.
>
> I'll try it and post back.
>
> Thank you,
> rusga
>
> On Thu, 30 Sep 2004 02:39:31 -0700, Mark V <(E-Mail Removed)> wrote:
>
>> In microsoft.public.win2000.registry rusga wrote:
>>
>>> Hi,
>>>
>>> In MS checklist
>>> ( http://207.46.156.156/technet/images...ech/win2000/wi
>>> n2khg/images/win2k45_BIG.gif ) there's the possibility of
>>> disabling the creation of LM hashes by creating the folowing new
>>> key:
>>>
>>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLM Hash
>>>
>>> ... but, unfortunately, it doesn't seem to work since LC4 cracker
>>> still get's them.
>>>
>>> What am I doing wrong here?
>>
>> I think the KeyName is: NoLMHash
>> If you had a SPACE in there (as did your cited (but incorrect)
>> article) it would fail.
>>
>> There is a Group Policy that would probably be better and easier to
>> use.
>> KBA 299656
>> "How to prevent Windows from storing a LAN manager hash of your
>> password in Active Directory and local SAM databases"
>>
>
Similar Threads
