Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
You cannot determine Group Policy security settings on a Windows Server 2003, Enterprise Edition-based computer
Article ID: 932461 - View products that this article applies to.
You experience the following symptoms on a Microsoft Windows Server 2003, Enterprise Edition-based computer:
This problem occurs if specific Group Policy security settings are changed from their default settings. These security settings specify the minimum required security setting of server-side and client-side network connections for programs that use the NTLM security support provider (SSP).
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To resolve this issue, change the specific Group Policy settings to their default values. To do this, follow these steps:
NTLMv2 authenticationSession security determines the minimum security standards for client sessions and for server sessions. The following policies determine the minimum security standards for a program-to-program communications session on a server for a client:
The options for these security settings are as follows:
Historically, Windows NT has supported the following two variants of challenge/response authentication for network logons:
The following registry subkeys correspond to the challenge/response authentication variants:
Note If you select the Require NTLMv2 session security option, and then you set the LAN Manager authentication level to Send LM & NTLM responses (level 0), the two settings may conflict. In this case, the following error message may be logged in the Secpol.msc file or in the GPEdit.msc file:
Windows cannot open the local policy database. An unknown error occurred when attempting to open the database.