Solved

Removal of LAN Manager hashes of legacy user account passwords AD

Posted on 2014-10-22
2
148 Views
Last Modified: 2014-12-10
Hello -

Active Directory is storing LAN Manager (LM) hashes of legacy user account passwords.  We are looking to change service account passwords to force Active Directory to no longer store the LAN Manager (LM) password hash. Some of ours still exist because the account hasn't logged in service account. For example, we have an account called calendar we used for setup, no one has logged in it since the day of setup. How do we go about removing it and others?
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40398736
Delete the account if it's not used.

Disabling LAN manager hashes should have no negative impact unless you have something archaic which is explicitly reliant on that.

Chris
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40399706
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question