Group policy anyone?

On November 21, 2004, in Needed Patches/Tweaks, Security, by

Thought I’d show you what I did to enable the NoLMHash


How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases:
http://support.microsoft.com/default.aspx?scid=kb;en-us;299656


First I opened up the Group Policy from start, programs, administrative tools, group policy management and went down to the Domain Controller section and right mouse clicked to “Credit and link an GPO“ here.



Next I named it what it was doing [LAN Manager Hash] so I could know that was the policy doing the “pushing“.  Next I right mouse clicked on the name and clicked “Edit“



Now we drill all the way down, computer configuration, then expand windows settings, then security settings, then local policies, then security options and click on that section.



On the right hand side you should see a list of things you can do, scroll down to the “N” section and look for this setting:



Now double click and ENABLE that setting.



When you get all done the “resulting window should look something like this:

 

One Response to Group policy anyone?

  1. Stevereno says:

    Hey! I learned this trick from a posting about passwords on your website. I didn’t want to use a 14 + character password so I figured this would be the next best thing.

    I just made it part of the domain policy instead of linking. I’m sure that linking the policy is beter since ir reminds you about what it’s there for.