Windows NT supports the following two types of challenge/response authentication:
  - LanManager (LM) challenge/response
  - Windows NT challenge/response
To allow access to servers that only support LM authentication, Windows NT clients currently send both authentication types. Microsoft developed a patch that allows clients to be configured to send only Windows NT authentication. This removes the use of LM challenge/response messages from the network.
Applying this hot fix configures the following registry key:
Hive:   HKEY_LOCAL_MACHINE\SYSTEM
Key:    System\CurrentControlSet\Control\LSA
Name:   LMCompatibilityLevel
Type:   REG_DWORD
Value:  0, 1, 2 (Default 0)
Setting the value to:
0 – Send both Windows NT and LM password forms.
1 – Send Windows NT and LM password forms only if the server requests it.
2 – Never send LM password form.
If a Windows NT client selects level 2, it cannot connect to servers that support only LM authentication, such as Windows 95 and Windows for Workgroups.
For more complete information on this hot fix, please refer to Knowledge Base article number Q147706.
Wiping the System Page File during clean system shutdown
STATUS:  ( ) Completed   ( ) Not implemented   ( ) Not applicable
The virtual memory support in Windows NT uses a system page file to swap pages belonging to different processes out to disk when they are not being actively used. On a running system, this page file is opened exclusively by the operating system and is therefore well protected. However, on systems configured to allow booting into other operating systems, you may want to ensure that the page file is wiped clean when Windows NT shuts down. This ensures that sensitive information from process memory that may have made its way into the page file is not available to a snooping user. This can be achieved by setting the following key:
Hive:   HKEY_LOCAL_MACHINE\SYSTEM
Key:    System\CurrentControlSet\Control\SessionManager\Memory Management
Name:   ClearPageFileAtShutdown
Type:   REG_DWORD
Value:  1
Note that this protection works only during a clean shutdown; it is therefore important that untrusted users do not have the ability to power off or reset the system manually.
Protecting the Registry
STATUS:  ( ) Completed   ( ) Not implemented   ( ) Not applicable
All the initialization and configuration information used by Windows NT is stored in the registry. Normally, the keys in the registry are changed indirectly, through the administrative tools such as the Control Panel. This method is recommended. The registry can also be altered directly, with the Registry Editor; some keys can be altered in no other way.
The Registry Editor supports remote access to the Windows NT registry. To restrict network access to the registry, use the Registry Editor to create the following registry key:
Hive:   HKEY_LOCAL_MACHINE
Key:    \CurrentControlSet\Control\SecurePipeServers
Name:   \winreg
The security permissions set on this key define which users or groups can connect to the system for remote registry access. The default Windows NT Workstation installation does not define this key and does not restrict remote access to the registry. Windows NT Server permits only administrators remote access to the registry.
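The three settings above can be audited together. The following read-only PowerShell script is an added example, not part of the original checklist; it assumes the standard registry locations for these keys (HKLM\SYSTEM\CurrentControlSet\Control\Lsa, ...\Control\Session Manager\Memory Management and ...\Control\SecurePipeServers\winreg) and an elevated session on the host being checked.

```powershell
# Added audit example (not part of the original Microsoft checklist).
# Read-only: reports the three settings this checklist covers, changes nothing.
# Paths below are the standard locations for these keys (assumption).

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value not present
}

$findings = @()

# 1. LM challenge/response: LMCompatibilityLevel (0 = both forms, 2 = never send LM)
$level = Get-RegValueOrNull -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'LMCompatibilityLevel'
$levelText = if ($null -eq $level) {
    'not set (default 0: sends both Windows NT and LM password forms)'
} else {
    switch ($level) {
        0 { 'sends both Windows NT and LM password forms' }
        1 { 'sends the LM form only if the server requests it' }
        2 { 'never sends the LM password form' }
        default { "value $level is outside the 0-2 range this checklist describes" }
    }
}
$levelStatus = if ($level -ge 2) { 'OK' } else { 'REVIEW' }
$findings += [pscustomobject]@{ Check = 'LMCompatibilityLevel'; Value = $level; Status = $levelStatus; Detail = $levelText }

# 2. Page file wiped at clean shutdown (value must be 1)
$mm    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$clear = Get-RegValueOrNull -Path $mm -Name 'ClearPageFileAtShutdown'
$clearStatus = if ($clear -eq 1) { 'OK' } else { 'REVIEW' }
$clearText   = if ($clear -eq 1) { 'page file is wiped at clean shutdown' } else { 'page file contents survive shutdown' }
$findings += [pscustomobject]@{ Check = 'ClearPageFileAtShutdown'; Value = $clear; Status = $clearStatus; Detail = $clearText }

# 3. Remote registry access: the winreg key must exist, and its ACL is what restricts access
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
if (Test-Path $winreg) {
    # List who is granted what on the key, since that ACL is the actual control
    $acl = (Get-Acl -Path $winreg).Access | ForEach-Object { "$($_.IdentityReference): $($_.RegistryRights)" }
    $findings += [pscustomobject]@{ Check = 'winreg'; Value = 'present'; Status = 'OK'; Detail = ($acl -join '; ') }
} else {
    $findings += [pscustomobject]@{ Check = 'winreg'; Value = 'missing'; Status = 'REVIEW'; Detail = 'remote registry access is not restricted' }
}

$findings | Format-Table -AutoSize -Wrap
```

A missing winreg key shows as REVIEW even on Windows NT Server, where the page says only administrators are permitted by default; confirm the ACL rather than relying on the product edition.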