PC Review


Reply
Thread Tools Rate Thread

Vista Networking with Win98 / Mac / Linux / NAS

 
 
Michael A. Bishop \(MSFT\)
Guest
Posts: n/a
 
      19th Mar 2007
There have been a number of posts addressing this which recommend lowering
the security levels in Vista. That is a last-ditch workaround. Please try
to get the other boxes to support better security before turning Vista's
security to lower settings.

Brief background:
Vista, by default, only uses the more secure NTLMv2 to authenticate on file
shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
number of other implementations of the SMB protocol only recently picked it
up. If you are trying to connect to a system which does not support NTLMv2,
an update will be required. If your system supports NTLMv2 but does not use
it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
later
- Follow manufacturer's instructions for enabling NTLMv2 through their
configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable
NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X -
http://download.microsoft.com/downlo...dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove
the files added to enable NTLMv2
- Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
to 0x3.

If none of the above works, *as a last resort*, permit the lower level of
security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
Policies" > "Security Options" > "Network Security: LAN Manager
authentication level" and change from "NTLMv2 responses only" to "LM and
NTLM -- use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
to 0x1.

 
Reply With Quote
 
 
 
 
Robert L [MVP - Networking]
Guest
Posts: n/a
 
      20th Mar 2007
Thank you, Michael.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Michael A. Bishop (MSFT)" <(E-Mail Removed)> wrote in message news:Oql%(E-Mail Removed)...
There have been a number of posts addressing this which recommend lowering
the security levels in Vista. That is a last-ditch workaround. Please try
to get the other boxes to support better security before turning Vista's
security to lower settings.

Brief background:
Vista, by default, only uses the more secure NTLMv2 to authenticate on file
shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
number of other implementations of the SMB protocol only recently picked it
up. If you are trying to connect to a system which does not support NTLMv2,
an update will be required. If your system supports NTLMv2 but does not use
it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
later
- Follow manufacturer's instructions for enabling NTLMv2 through their
configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable
NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X -
http://download.microsoft.com/downlo...dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove
the files added to enable NTLMv2
- Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
to 0x3.

If none of the above works, *as a last resort*, permit the lower level of
security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
Policies" > "Security Options" > "Network Security: LAN Manager
authentication level" and change from "NTLMv2 responses only" to "LM and
NTLM -- use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
to 0x1.

 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Is Netscape Leaving Firefox Behind on GNU/Linux? THE LINUX PROPAGANDA MACHINE CONTINUES. FIREFOX IGNORING LINUX............. traci.manicotti@gmail.com Windows XP General 1 19th Oct 2007 09:12 AM
Iomega NAS or any NAS question muahman@gmail.com Storage Devices 0 6th Jun 2006 03:18 AM
Home NAS question: NAS Suggestions for Dummies needed Ken K Storage Devices 38 26th Mar 2005 12:43 AM
OT: Any LINUX Guru - linux red hat 9 start up error (please ignore non-linux guys) abdul mahmoodi Freeware 10 17th Aug 2004 11:57 AM
problem with direct connection between win98 and win2000 PC (win2000 can see & access win98 and folders, but win98 can't access win2000 PC) Steven L Umbach Microsoft Windows 2000 Networking 1 1st Jan 2004 11:40 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 08:32 PM.