G
Guest
Guest
Archived from groups: microsoft.public.win2000.security (More info?)
How do you REALLY disable the generation of Lan Manager password hashes.
i have set the group policy on the domain controller (Windows 2000), and
added to the domain controller's registry the NoLMHash = 1 DWORD.
Then i go to a workstation and reset the password of my domain account.
i can then go back to the domain controller, dump the AD password hashes. i
then crack it and confirm that the LM Hash exists, and contains my new
password.
So how does one REALLY disable LM Hashes in an Active Directory environment?
How do you REALLY disable the generation of Lan Manager password hashes.
i have set the group policy on the domain controller (Windows 2000), and
added to the domain controller's registry the NoLMHash = 1 DWORD.
Then i go to a workstation and reset the password of my domain account.
i can then go back to the domain controller, dump the AD password hashes. i
then crack it and confirm that the LM Hash exists, and contains my new
password.
So how does one REALLY disable LM Hashes in an Active Directory environment?