Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
(9) W2K8 R2 AD Upgrade Tips: No LM Hash policy for old clients
For those of you contemplating a W2K8 or R2 upgrade from W2K3, here’s another tidbit to check. If you add a W2K8 or R2 DC to an existing W2K3 domain, (very) old clients that can only use LAN Manager (LM) authentication instead of Kerberos will break. This is because W2K8 and W2K8 R2 have changed policy to never store the easily-hackable LM hash in the local SAM database or in AD, which the old clients require. If you do still have old computers in the domain that require this, first you have my sympathy :). Second, you need to look at KB946405 on how to re-enable it again. Technorati Tags: W2K8,W2K8 R2,AD upgrade,no LM hash policy,group policy
Sean Deuby
April 12, 2010
1 Min Read
For those of you contemplating a W2K8 or R2 upgrade from W2K3, here’s another tidbit to check. If you add a W2K8 or R2 DC to an existing W2K3 domain, (very) old clients that can only use LAN Manager (LM) authentication instead of Kerberos will break. This is because W2K8 and W2K8 R2 have changed policy to never store the easily-hackable LM hash in the local SAM database or in AD, which the old clients require.
If you do still have old computers in the domain that require this, first you have my sympathy :). Second, you need to look at KB946405 on how to re-enable it again.
Technorati Tags: W2K8,W2K8 R2,AD upgrade,no LM hash policy,group policy
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
