When you perform a clean install of Windows Server 2008 and then install the Active Directory directory service on the computer, the Security Templates files are changed to enable the NoLmHash policy.
If you add Windows Server 2008 as the domain controller to an existing domain by using the default domain policy, the NoLMHash policy of the existing domain controller is disabled. Additionally, the NoLMHash policy in Windows Server 2008 is enabled.
To disable the NoLMHash policy by using Group Policy in Windows Server 2008, follow these steps:
- Click Start, click Control Panel, click Administrative Tools, and then click Local Security Policy.
- Expand Security Settings, expand Local Policy, and then click Security Options.
- In the list of the available policies, double-click Network Security: Do not save the value of hash of LAN in the next password change.
- Click Disable, and then click OK.
Article ID: 946405 - Last Review: Feb 12, 2009 - Revision: 1