>So there's no way to force the NT server to refuse LanMan hashes?
>be the easiest and most obvious way to avoid the issue; must mean that
>it's impossible. :-(
I honestly don't think its a matter of being impossible, as surely it
isn't. One thing I would look for, however, is just whether or not all
NT functions that involve hashes are done using NT hashes only (this
would be a logical extrapolation of their statement that LM hashes are
only removed if enforced on both the server *and* the client).
I do think its a matter that to do so would prevent the use of Win95,
and I believe MS feels this setting would cause to many support issues.
It would also glaringly focus attention on the insecurities of Win95
(not that they try and say it is secure, just that they probably don't
want it pointed out so vividly).
Humble opinions all of my own.