LM Hashes, NTLM and Kerberos.

Posted on 2008-11-03
Medium Priority
Last Modified: 2013-12-04
I need to understand a couple of things with regards to the LM Hashes, NTLM and Kerberos. In windows 2000 server, do you set up kerberos or is it there by default? Just works even without any configuration? Where then does the vulnerability of LM Hashes and NTLM come in if windows 2000 server uses kerberos? Im lost. Please refer me to some site or please explain.
Question by:yolunga2000
LVL 31

Accepted Solution

Toni Uranjek earned 100 total points
ID: 22879662

Kerberos is default authentication mechanism since 2000 for clients which support Kerberos authentication. If client does not support Kerberos authentication (Windows 9x/Me, NT 4.), server will fall back to NTLMv2, NTLMv1 or even LM hashes. If anything on your network prevents Kerberos from working, even clients which support Kerberos authentication will use older authentication mechansims. Behaviour of your domain controllers is defined in Default Domain Controllers Policy:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

LAN Manager authentication level should be configured to refuse LM and NTLMv1, but this might prevent older system from authenticating.

More info: http://msdn.microsoft.com/en-us/library/ms814176.aspx



LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 22885266
Kerberos is only the default for sign-on, all share/printer/IIS access auth is LM/NTLM!
Even with vista still defaults to lm/ntlm.  It's sad really... from the link above: Default: Send LM & NTLM responses.
This is a pretty good article about lm/ntlm/ntlmv2, but is incorrect about vista's behaviour with LM/NTLMv1 http://technet.microsoft.com/en-us/magazine/cc160954.aspx

This article tries to explain Kerberos.

If you really want to see what is being sent in/out for yourself, grab a copy of Cain&Abel from oxid.it and turn on the sniffer. The M$ articles seem to portray kerbeos being used all over, but it's really not...

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Integration Management Part 2
Loops Section Overview
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question