Eliminating NETBIOS kills NTLMv2?

  • Thread starter Thread starter Jacques Koorts
  • Start date Start date
J

Jacques Koorts

Read this in Mark Minasi's articles.

I guess that's why shutting down NetBIOS made things faster, as eliminating
NetBIOS kills LM, NTLM, and NTLMv2.

So if you disable Netbios on your computer, your computer will use Kerberos?
What Osses support Kerberos? Is this all auto?

Here some more from the Article.

personally think that the LM "hole" is one that Microsoft should have
plugged a long time ago through their defaults, but they haven't, probably
because so many clients use Wintendo boxes. With hope we'll see LM just a
bad memory soon, though. I urge you to seriously consider rolling out this
change and let me close this by offering an performance incentive to go "all
NTLMv2:" logons are faster. If you've ever read my pieces on how much
faster NET USE commands become when you shut off NetBIOS, then you probably
wondered why they got so much faster. I never knew either, but since
shutting off NTLM and LM, I've noticed much, much snappier response from my
NET USE commands. I still don't know why, but now I've got a guess:
getting rid of NTLM and LM just plain simplified the logon process. As the
clients and servers have fewer options, things just happen more quickly. I
guess that's why shutting down NetBIOS made things faster, as eliminating
NetBIOS kills LM, NTLM, and NTLMv2.
 
I guess that's why shutting down NetBIOS made things faster, as eliminating
NetBIOS kills LM, NTLM, and NTLMv2.

So if you disable Netbios on your computer, your computer will use Kerberos?
What Osses support Kerberos? Is this all auto?

This is incorrect. Disabling NetBIOS does NOT kill LM, NTLM or NTLMv2.

Your PC will still use NTLMv2 to connect to a standalone server or to a
server in an untrusted domain. Your domain policy should restrict the use
of LM and NTLM for just this reason - so you DON'T allow these to be used
when connecting to an untrusted server.
 
Back
Top