NoteHKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy
| Data type | Range | Default value |
|---|---|---|
| REG_DWORD | 0 | 1 | 1 |
Determines whether Internet Authentication Service (IAS) and Routing and Remote Access Service (RRAS) can use LanManager (LM) Challenge/Response authentication.
By default, IAS and RRAS use Windows Challenge/Response authentication, version 2 (known as NTLMv2) because it provides more robust password protection. However, LanManager authentication support is available to maintain compatibility with servers running older operating systems that do not support NTLM authentication.
| Value | Meaning |
|---|---|
| 0 | LanManager authentication is not supported. As a result, servers are subject to the secure password authentication provided by NTLMv2. However, the system cannot connect to servers that do not support Window 2000 Challenge/Response authentication, such as Windows 95, Windows 98, or Windows for Workgroups servers. |
| 1 | LanManager authentication is supported. The system can connect to servers that do not support NTLMv2. However, the system is vulnerable to malicious attacks that take advantage of the weaker protocol. |
Note
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.