How to Send Unencrypted Passwords to Connect Windows 2000 Systems to Third-Party SMB Servers

Some third-party Server Message Block (SMB) servers support only unencrypted (plain text) passwords for authentication.

You can enable a computer running Windows 2000 to send unencrypted passwords to third-party SMB servers that support only unencrypted passwords by setting a Local Security Policy as follows:

1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
2. On the Security Setting folder, click to expand Local Policies, and then double-click Security Options.
3. Double-click Send unencrypted passwords to connect to third-party SMB servers , and then click the Enabled radio button.

NOTE: If domain-level policy settings are defined, they override local policy settings.

WARNING: Enabling this setting allows unencrypted passwords to be sent across the network when users are authenticated by an SMB server that requests this option. This setting can weaken the overall security of an environment and should only be done after careful consideration of the consequences of plain text passwords in your specific environment.

Check with the vendor of the SMB server product to see if it is possible to support encrypted password authentication, or if there is a newer version of the product available that adds this type of support.

For additional information about sending unencrypted password from Windows NT 4.0, click the article number below to view the article in the Microsoft Knowledge Base: