Vista Networking with Win98 / Mac / Linux / NAS

Discussion in 'Windows Vista Networking' started by Michael A. Bishop \(MSFT\), Mar 19, 2007.

  1. There have been a number of posts addressing this which recommend lowering
    the security levels in Vista. That is a last-ditch workaround. Please try
    to get the other boxes to support better security before turning Vista's
    security to lower settings.

    Brief background:
    Vista, by default, only uses the more secure NTLMv2 to authenticate on file
    shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
    number of other implementations of the SMB protocol only recently picked it
    up. If you are trying to connect to a system which does not support NTLMv2,
    an update will be required. If your system supports NTLMv2 but does not use
    it by default, a settings change will be required.

    If you are using Samba (Linux, OS/X):
    - Make sure you have at least version 3.0.23
    - Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

    If you are using a Samba-based NAS device:
    - Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
    later
    - Follow manufacturer's instructions for enabling NTLMv2 through their
    configuration interface

    If you are using Windows 9X: (Summarized from KB239869, "How to enable
    NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
    - Install the ADCE for Windows 9X -
    http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
    - You may optionally uninstall the ADCE; uninstalling ADCE does not remove
    the files added to enable NTLMv2
    - Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
    to 0x3.

    If none of the above works, *as a last resort*, permit the lower level of
    security in Vista:
    - On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
    Policies" > "Security Options" > "Network Security: LAN Manager
    authentication level" and change from "NTLMv2 responses only" to "LM and
    NTLM -- use NTLMv2 session security if negotiated".
    - On other SKUs of Vista, Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
    to 0x1.
     
    Michael A. Bishop \(MSFT\), Mar 19, 2007
    #1
    1. Advertisements

  2. Thank you, Michael.

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
    "Michael A. Bishop (MSFT)" <> wrote in message news:Oql%...
    There have been a number of posts addressing this which recommend lowering
    the security levels in Vista. That is a last-ditch workaround. Please try
    to get the other boxes to support better security before turning Vista's
    security to lower settings.

    Brief background:
    Vista, by default, only uses the more secure NTLMv2 to authenticate on file
    shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
    number of other implementations of the SMB protocol only recently picked it
    up. If you are trying to connect to a system which does not support NTLMv2,
    an update will be required. If your system supports NTLMv2 but does not use
    it by default, a settings change will be required.

    If you are using Samba (Linux, OS/X):
    - Make sure you have at least version 3.0.23
    - Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

    If you are using a Samba-based NAS device:
    - Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
    later
    - Follow manufacturer's instructions for enabling NTLMv2 through their
    configuration interface

    If you are using Windows 9X: (Summarized from KB239869, "How to enable
    NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
    - Install the ADCE for Windows 9X -
    http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
    - You may optionally uninstall the ADCE; uninstalling ADCE does not remove
    the files added to enable NTLMv2
    - Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
    to 0x3.

    If none of the above works, *as a last resort*, permit the lower level of
    security in Vista:
    - On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
    Policies" > "Security Options" > "Network Security: LAN Manager
    authentication level" and change from "NTLMv2 responses only" to "LM and
    NTLM -- use NTLMv2 session security if negotiated".
    - On other SKUs of Vista, Start > regedit; change
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
    to 0x1.
     
    Robert L [MVP - Networking], Mar 20, 2007
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. Guest

    NTLM Passwords Linux NAS passwords

    Guest, Jan 31, 2007, in forum: Windows Vista Networking
    Replies:
    5
    Views:
    498
    Guest
    Feb 2, 2007
  2. Guest

    Vista + XP + MAC OS networking woes

    Guest, May 25, 2007, in forum: Windows Vista Networking
    Replies:
    1
    Views:
    236
    Robert L [MVP - Networking]
    May 25, 2007
  3. Guest

    Vista and Win98 Networking Yet????

    Guest, Jul 19, 2007, in forum: Windows Vista Networking
    Replies:
    0
    Views:
    205
    Guest
    Jul 19, 2007
  4. Guest

    Vista / XP / 2000 / Linux networking

    Guest, Aug 9, 2007, in forum: Windows Vista Networking
    Replies:
    13
    Views:
    307
    Malke
    Jan 6, 2008
  5. Guest

    Vista / XP / Win98 networking

    Guest, Aug 11, 2007, in forum: Windows Vista Networking
    Replies:
    7
    Views:
    407
    Guest
    Aug 14, 2007
  6. Sid
    Replies:
    11
    Views:
    539
  7. Sid
    Replies:
    4
    Views:
    401
    RalfG
    Mar 15, 2008
  8. Bob

    win98 cannot get to vista but vista can "See" win98

    Bob, Jul 1, 2009, in forum: Windows Vista Networking
    Replies:
    2
    Views:
    430
    Steve Winograd [MS-MVP]
    Jul 16, 2009
Loading...