HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Data type | Range | Default value |
---|---|---|
REG_DWORD | 0-5 | 0 |
Specifies the mode of authentication and session security to be used for network logons. This does not affect interactive logons.
Value | Meaning |
---|---|
0 | Send LM and NTLM response; never use NTLMv2 session security. Clients will use LM and NTLM authentication, and never use NTLMv2 session security. Domain controllers will accept LM, NTLM and NTLMv2 authentication. |
1 | Use NTLMv2 session security if negotiated. Clients will use LM and NTLM authentication, and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM and NTLMv2 authentication. |
2 | Send NTLM response only. Clients will only use NTLM authentication, and use NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM and NTLMv2 authentication. |
3 | Send NTLMv2 response only. Clients will use NTLMv2 authentation, use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM and NTLMv2 authentication. |
4 | Domain controller refuses LM responses. Clients will use NTLMv2 authentation, and use NTLMv2 session security if the server supports it. Domain controller refuses LM authentication (instead, it accepts NTLM and NTLMv2). |
5 | Domain controller refuses LM and NTLM responses (accepts only NTLMv2). Clients will use NTLMv2 authentation, use NTLMv2 session security if the server supports it. Domain controller refuses NTLM and LM authentication (accepts only NTLMv2). |
You must restart Windows to make changes to this entry effective.
Note
For more information about Windows 2000 security, see the Windows 2000 Distributed Systems Guide.
Tip
For more information on LM authentication, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Article Q147706, or use the keywords LM authentication.