Solved

Removal of LAN Manager hashes of legacy user account passwords AD

Posted on 2014-10-22
2
134 Views
Last Modified: 2014-12-10
Hello -

Active Directory is storing LAN Manager (LM) hashes of legacy user account passwords.  We are looking to change service account passwords to force Active Directory to no longer store the LAN Manager (LM) password hash. Some of ours still exist because the account hasn't logged in service account. For example, we have an account called calendar we used for setup, no one has logged in it since the day of setup. How do we go about removing it and others?
0
Comment
Question by:First Last
2 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40398736
Delete the account if it's not used.

Disabling LAN manager hashes should have no negative impact unless you have something archaic which is explicitly reliant on that.

Chris
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40399706
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question