LM, NTLM, and NTLMv2 on the IU network
For reasons of security and reliability, UITS does not support LAN Manager (LM) and NT LAN Manager Version 1 (NTLMv1) authentication protocols on the Indiana University network. The only authentication protocols accepted are NT LAN Manager Version 2 (NTLMv2) and Kerberos. If you are using Windows 95, 98, 98SE, or Me, or Macintosh operating system versions prior to Mac OS X 10.3, you cannot use network resources such as mapped network drives and Residential Technology Center (RTC) printers, now that UITS has disabled these older authentication protocols.
Microsoft no longer provides critical security updates for Windows 95, 98, 98SE, and Me. Therefore, UITS recommends that you use only Windows 2000, XP Professional, and Vista Enterprise or Ultimate on Windows computers connected to the IU network. Macintosh users who need full access to Exchange should use Entourage 2004 or 2008. Macintosh users who must perform tasks requiring ADS authentication, such as file sharing with Windows computers, must use Mac OS X 10.3 or higher.
Computers joined to IU's Active Directory now automatically receive settings from the network that disable LM and NTLMv1, so if you connect to ADS, you likely don't need to disable these protocols manually. However, if your computer is not joined to ADS, you must change the settings yourself. UITS has developed a free Windows Authentication Update tool (available on IUware) to disable the insecure LM and NTLMv1 authentication protocols in Windows 2000 and higher. For more information, see "What is the tool that disables LM/NTLMv1, and where can I get it?" If you have problems running the tool, you can also change your settings manually; see the instructions in "How can I use the local security settings to force NTLMv2?"
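To confirm that a Windows computer is no longer sending LM or NTLMv1 responses, you can read the effective policy level. The following read-only PowerShell check is an added example, not the UITS tool or anything from IUware. It assumes the standard Windows `LmCompatibilityLevel` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, which this page does not name, and a Windows version that includes PowerShell 3.0 or later.

```powershell
# Added example (not the UITS tool): report the local NTLM policy level.
# Read-only; run in a PowerShell session on the Windows computer being checked.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Documented meanings of the LmCompatibilityLevel registry value (0-5).
$Meaning = @{
    0 = 'Sends LM and NTLM responses'
    1 = 'Sends LM and NTLM; NTLMv2 session security if negotiated'
    2 = 'Sends NTLM response only'
    3 = 'Sends NTLMv2 response only'
    4 = 'Sends NTLMv2 response only; refuses LM'
    5 = 'Sends NTLMv2 response only; refuses LM and NTLM'
}

function Get-NtlmPolicyReport {
    $prop = Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: nothing is enforced explicitly, the OS default applies.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Level    = $null
            Meaning  = 'Not set; operating system default applies'
            Verdict  = 'REVIEW: set the level explicitly'
        }
    }

    $level = [int]$prop.LmCompatibilityLevel
    $text  = $Meaning[$level]
    if (-not $text) { $text = 'Unknown value' }

    # Levels 3-5: the client sends only NTLMv2 responses.
    # Level 5 additionally refuses inbound LM and NTLMv1.
    if ($level -lt 3 -or $level -gt 5) {
        $verdict = 'FAIL: client may send LM or NTLMv1 responses'
    } elseif ($level -lt 5) {
        $verdict = 'PASS as client; inbound LM/NTLMv1 not fully refused'
    } else {
        $verdict = 'PASS: NTLMv2 only, LM and NTLMv1 refused'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Level    = $level
        Meaning  = $text
        Verdict  = $verdict
    }
}

Get-NtlmPolicyReport | Format-List
```

On a computer joined to a domain, a value delivered by Group Policy overrides a manual change at the next policy refresh, so rerun the check after `gpupdate`.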
Last modified on November 10, 2009.







