advproxy - The Advanced Web Proxy add-on

   

HOWTO: Integrated Windows authentication with Windows Vista

Windows Vista has changed the default LAN Manager security level to Send NTLMv2 response only. This can lead to technical issues for users authenticating to a Proxy Server from a Windows Vista client.

To enable the Integrated Windows authentication for Windows Vista, you'll have to change the LAN Manager security back to a more compatible level.

Warning: The modification of these settings may affect your security!

Windows Vista : Configuring the LAN Manager security level

These are the steps to configure the integrated Windows authentication on workgroup clients running Windows Vista: Open the MMC snap-in Group Policy Object Editor or run then command gpedit.msc to start the GPO Editor.

On the left pane go to

  • Computer Configuration
    • Windows Settings
      • Security Settings
        • Local Policies
          • Security Options

and select the policy Network Security: LAN Manager Authentication Level (figure 1).

Figure 1
Figure 1 (click to enlarge)

Change the default value from Send NTLMv2 response only to Send LM & NTLM - use NTLMv2 session security if negotiated (figure 2).

Figure 2
Figure 2 (click to enlarge)

Run the command gpupdate to refresh the policy (figure 3).

Figure 3
Figure 3 (click to enlarge)

advproxy © Copyright 2004-2008 by Marco Sondermann - Last update: 2008-03-09

Valid XHTML 1.0!   Valid CSS!