question for 70-294 Exam!
hudda
Member Posts: 101
I was working on lab I have problem on this question, if any one know please.
Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?
Thanks
Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?
Thanks
Comments
-
Smallguy
Member Posts: 597
If I understand ou correctly
you have to right clcik on the OU > go tp properties > then iunto your policy> create new(make it a menaingfull name)> then edit it is under security settings and then LAN Manager (pretty sure)
if memory serves me corectly you wants to use NTLM V2 /refuse LM as lm is the least secure
I don;t have a 2003 box here right now so I'm going by memory. I looked on our 2000 DC but i'm not sure if the setingare are identical or not -
eurotrash
Member Posts: 817
Depending on the client OSs and then again whether authentication is meant as authentication to the domain, Kerberos would be the most secure.witty comment
-
baracus
Member Posts: 50 ■■□□□□□□□□
You must enforce this with a GPO. Create/link a GPO to the OU. Then configure the setting
Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options->Network Security:Lan Manager Authentication Level
Set this to Send NTLMv2 response only\Refuse LM & NTLM
Hope this helps.hudda wrote:I was working on lab I have problem on this question, if any one know please.
Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?
Thanks -
royal
Member Posts: 3,352 ■■■■□□□□□□
baracus wrote:You must enforce this with a GPO. Create/link a GPO to the OU. Then configure the setting
Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options->Network Security:Lan Manager Authentication Level
Set this to Send NTLMv2 response only\Refuse LM & NTLM
Hope this helps.hudda wrote:I was working on lab I have problem on this question, if any one know please.
Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?
Thanks
As _omni_ said, it all depends. If all clients were at least Windows 2000, then your response is incorrect as the most secure authentication method would be Kerberos. If your clients were NT4 SP4+, then you'd be able to use NTLMv2 as the most secure. If your clients were 9x, NT4 pre-SP4, you could still use NTLMv2 as the most secure as long as you installed the Active Directory Client Extensions on them.“For success, attitude is equally as important as ability.” - Harry F. Banks