Center for Internet Security Benchmark for SBS2K – Gotcha #2

Yesterday my son decided he wanted to run Win98 again. He has Age of Empires installed on it. So we rebooted his desktop. His machine is dual boot with Win98 and WinXP. The default boot is for WinXP so we have not been in Win98 for quite some time. Guess what? It said I had the wrong password for the network login. I tried several times and locked out the account. It took me a couple of times of locking out the account before I realized that maybe one of my security changes to the Group Policy my have affected the login. This morning I focused my attention on the LAN Manager Authentication Level. I researched the problem  and found that Dsclient can use either Lan Manager or NTLM. It uses Lan Manger by default. If you want to use NTLM  2 as recommended by CIS you must change the registry to enable NTLM Authentification as shown in Q239869 – How to Enable NTLM 2 Authenication.