Details on Group Policy

On November 26, 2004, in Security, XP2, by

Jeff from Vancouver also writes in that he wants a more detailed description of what the group policy can and cannot do.

You know [in my opinion] the best source for seeing the power of group policy is?  In an Excel spreadsheet. Now granted I think it’s because us beancounters are born with a spreadsheet so it’s more natural to us, but that one document more often than not shows me what can be done. 

Remember my NOLMHash thing?

On the spreadsheet it’s detailed out like this:

Computer Configuration\Windows Settings\Local Policies\Security Options

Network security: Do not store LAN Manager hash value on next password change

Determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
For more information on cryptographic hashes of passwords, see “Microsoft NTLM” in the Microsoft Web site at                                                                  
Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. 

Check this spreadsheet out Jeff.  It takes some time to go through, but I think it might help.

Let me know.


Comments are closed.