Okay Russ, I submit to greater authority on the subject,
Please accept my humble apologies..... I don't monitor
the ntsecurity forum and missed this thread...
(Now I wonder if the KERBEROS port for NT5 is going to fix
Personal Opinions provided by
aka leonard @
Gemini Computers Inc.
On Wed, 5 Nov 1997, Russ wrote:
> This can only be enforced if both the client and the server have it
> disabled. From KB article Q147706;
> "To eliminate LM authentication with protocols other than remote file
> sharing (for example, Microsoft RPC, RAS, Internet Information Server
> (IIS), or Internet Explorer -- anything that uses the NTLMSSP), both the
> client and the server need to have the hotfix installed."
> The key only affects whether or not LM is going to be sent, not whether
> or not its going to be accepted. Your comments are a mis-representation
> of the facts and I would suggest you correct them in public. You cannot
> "turn off LANManager authentication on Windows NT", you can only prevent
> it from being sent.
> If I don't see a correct in a couple of days I'll send one myself, since
> you're contradicting what I've said publicly (seemingly insistently).