This repository has been archived by the owner on May 24, 2023. It is now read-only.

sec20

Jump to bottom

My Random Thoughts edited this page Mar 19, 2018 · 1 revision

sec-20-check-lmhash-security (Enabled)

Ensure the system is set to not sure LMHashes of passwords and that LMHash authentication is secure.

Input Values

MinimumHashLevel - "0|1|2|3|4|5" - The minimum level that should be allowed

Example

MinimumHashLevel = '3'

Input Descriptions

MinimumHashLevel: :
0 : Send LM and NTLM response; never use NTLMv2 security
1 : Use NTLMv2 security if negotiated
2 : Send NTLM authentication only
3 : Send NTLMv2 authentication only
4 : Refuse LM authentication
5 : Refuse LM and NTLM authentication; accept only NTLMv2

Result And Messages

PASS
LMHash security is disabled LM Compatibility Level is equal to or above configured level
WARNING
LM Compatibility Level is below configured level
FAIL
LMHash settings are not configured LMHash security is enabled Registry setting not found
MANUAL
NA

Applies To

All Servers

Required Functions

None

Home | Quick Start ||| Accounts | Drives | HyperV-Host | Network | Regional | Security | SQL | System | Tooling | Virtual