dsclient - ntlm v2

I need to know how make win 9x work with ntlm v2.
I´ve installed dsclient, changed the registry like described in some
websites, but isn´t work.
It don´t autenticate. The only way to this work is changing the registry to
level 0, but with this the ntlm v2 don´t work.

> Locate and click the following key in the registry:
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
>
> Create an LSA registry key in the registry key listed above
>
> On the Edit menu, click Add Value, and then add the following registry
> value:
> Value Name: LMCompatibilityLevel
> Data Type: REG_DWORD
> Value: 3
> Valid Range: 0,3
> Description: This parameter specifies the mode of authentication and
> session
> security to be used for network logons. It does not affect interactive
> logons.
> . Level 0 - Send LM and NTLM response; never use NTLM 2 session security.
> Clients will use LM and NTLM authentication, and never use NTLM 2 session
> security; domain controllers accept LM, NTLM, and NTLM 2 authentication.
> . Level 3 - Send NTLM 2 response only. Clients will use NTLM 2
> authentication and use NTLM 2 session security if the server supports it;
> domain controllers accept LM, NTLM, and NTLM 2 authentication.
>
Thanks,
Leonardo

Patty
Thu Jul 28 17:15:46 CDT 2005

Can you dig a little deeper? Did you follow the steps in this KB
Article?

http://support.microsoft.com/default.aspx?scid=kb;en-us;239869

It states to change the reg setting value to 3, not 0 for NTLM2 as the
prefered method....

Regards,

Patty

Roger
Fri Jul 29 09:09:01 CDT 2005

To what are you trying to connect with the downlevel machine ?
To an member in AD? What is its Windows version?
To a strand-alone? Are you sure the problem is with authentication
rather than with communications signing requirements ?
Does anything show in the event log of the target machine ?
What is the behavior as seen at the downlevel client machine ?

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Leonardo Bispo" <LeonardoBispo@discussions.microsoft.com> wrote in message
news:7CC28917-4ABC-4D4F-9191-EF1EF80A811B@microsoft.com...
> I need to know how make win 9x work with ntlm v2.
> I´ve installed dsclient, changed the registry like described in some
> websites, but isn´t work.
> It don´t autenticate. The only way to this work is changing the registry
to
> level 0, but with this the ntlm v2 don´t work.
>
> > Locate and click the following key in the registry:
> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
> >
> > Create an LSA registry key in the registry key listed above
> >
> > On the Edit menu, click Add Value, and then add the following registry
> > value:
> > Value Name: LMCompatibilityLevel
> > Data Type: REG_DWORD
> > Value: 3
> > Valid Range: 0,3
> > Description: This parameter specifies the mode of authentication and
> > session
> > security to be used for network logons. It does not affect interactive
> > logons.
> > . Level 0 - Send LM and NTLM response; never use NTLM 2 session
security.
> > Clients will use LM and NTLM authentication, and never use NTLM 2
session
> > security; domain controllers accept LM, NTLM, and NTLM 2 authentication.
> > . Level 3 - Send NTLM 2 response only. Clients will use NTLM 2
> > authentication and use NTLM 2 session security if the server supports
it;
> > domain controllers accept LM, NTLM, and NTLM 2 authentication.
> >
> Thanks,
> Leonardo

LeonardoBispo
Fri Jul 29 10:00:05 CDT 2005

Patty,

I´m already did these steps. The problem is, when I change the registry to 3
I can´t autenticate this win9x in my ad. So I change back to 0 to connect
with my ad using LM.

"Patty Calcaterra" wrote:

> Can you dig a little deeper? Did you follow the steps in this KB
> Article?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;239869
>
> It states to change the reg setting value to 3, not 0 for NTLM2 as the
> prefered method....
>
> Regards,
>
> Patty
>
>