Vista Networking with Win98 / Mac / Linux / NAS

Discussion in 'Windows Vista Networking' started by Michael A. Bishop \(MSFT\), Mar 19, 2007.

  1. There have been a number of posts addressing this which recommend lowering
    the security levels in Vista. That is a last-ditch workaround. Please try
    to get the other boxes to support better security before turning Vista's
    security to lower settings.

    Brief background:
    Vista, by default, only uses the more secure NTLMv2 to authenticate on file
    shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
    number of other implementations of the SMB protocol only recently picked it
    up. If you are trying to connect to a system which does not support NTLMv2,
    an update will be required. If your system supports NTLMv2 but does not use
    it by default, a settings change will be required.

    If you are using Samba (Linux, OS/X):
    - Make sure you have at least version 3.0.23
    - Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

    If you are using a Samba-based NAS device:
    - Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
    later
    - Follow manufacturer's instructions for enabling NTLMv2 through their
    configuration interface

    If you are using Windows 9X: (Summarized from KB239869, "How to enable
    NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
    - Install the ADCE for Windows 9X -
    http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
    - You may optionally uninstall the ADCE; uninstalling ADCE does not remove
    the files added to enable NTLMv2
    - Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
    to 0x3.

    If none of the above works, *as a last resort*, permit the lower level of
    security in Vista:
    - On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
    Policies" > "Security Options" > "Network Security: LAN Manager
    authentication level" and change from "NTLMv2 responses only" to "LM and
    NTLM -- use NTLMv2 session security if negotiated".
    - On other SKUs of Vista, Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
    to 0x1.
     
    Michael A. Bishop \(MSFT\), Mar 19, 2007
    #1
    1. Advertisements

  2. Thank you, Michael.

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
    "Michael A. Bishop (MSFT)" <> wrote in message news:Oql%...
    There have been a number of posts addressing this which recommend lowering
    the security levels in Vista. That is a last-ditch workaround. Please try
    to get the other boxes to support better security before turning Vista's
    security to lower settings.

    Brief background:
    Vista, by default, only uses the more secure NTLMv2 to authenticate on file
    shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
    number of other implementations of the SMB protocol only recently picked it
    up. If you are trying to connect to a system which does not support NTLMv2,
    an update will be required. If your system supports NTLMv2 but does not use
    it by default, a settings change will be required.

    If you are using Samba (Linux, OS/X):
    - Make sure you have at least version 3.0.23
    - Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

    If you are using a Samba-based NAS device:
    - Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
    later
    - Follow manufacturer's instructions for enabling NTLMv2 through their
    configuration interface

    If you are using Windows 9X: (Summarized from KB239869, "How to enable
    NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
    - Install the ADCE for Windows 9X -
    http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
    - You may optionally uninstall the ADCE; uninstalling ADCE does not remove
    the files added to enable NTLMv2
    - Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
    to 0x3.

    If none of the above works, *as a last resort*, permit the lower level of
    security in Vista:
    - On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
    Policies" > "Security Options" > "Network Security: LAN Manager
    authentication level" and change from "NTLMv2 responses only" to "LM and
    NTLM -- use NTLMv2 session security if negotiated".
    - On other SKUs of Vista, Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
    to 0x1.
     
    Robert L [MVP - Networking], Mar 20, 2007
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guest

    NTLM Passwords Linux NAS passwords

    Guest, Jan 31, 2007, in forum: Windows Vista Networking
    Replies:
    5
    Views:
    370
    Guest
    Feb 2, 2007
  2. Guest

    Vista and Win98 Networking Yet????

    Guest, Jul 19, 2007, in forum: Windows Vista Networking
    Replies:
    0
    Views:
    154
    Guest
    Jul 19, 2007
  3. Sid
    Replies:
    11
    Views:
    394
  4. Sid
    Replies:
    4
    Views:
    281
    RalfG
    Mar 15, 2008
  5. Bob

    win98 cannot get to vista but vista can "See" win98

    Bob, Jul 1, 2009, in forum: Windows Vista Networking
    Replies:
    2
    Views:
    330
    Steve Winograd [MS-MVP]
    Jul 16, 2009
Loading...

Share This Page