Cannot Use Shares with LMCompatibilityLevel set to Only NTLM 2 Authentication

This article was previously published under Q236414
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
After you change the type of authentication to use only NTLM version 2, shares may not be accessible on other computers.
CAUSE
Starting in Windows NT 4.0 Service Pack 4 (SP4), Microsoft provided an enhancement to control the type of security used for authentication using NTLMSSP. A new registry key named LMCompatibilityLevel was added. With the key set to Allow only NTLMv2, the local RDR does not succeed in getting credentials.
RESOLUTION

Windows NT Server or Workstation 4.0

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:
  • 152734 how to obtain the latest windows nt 4.0 service pack
For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack

STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition.

This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and Windows NT Server 4.0, Terminal Server Edition Service Pack 6.
MORE INFORMATION
For additional information about LMCompatibility settings, please click the article number below to view the article in the Microsoft Knowledge Base:
147706 How to Disable LM Authentication on Windows NT
Because of the increased security level, the NET USE commandmay not work when the domain is defaulted. This is becausethe defaulted or non-existent domain is rejected at this security level. For this command to work the domain name must be supplied.
Properties

Article ID: 236414 - Last Review: 12/05/2015 15:08:55 - Revision: 4.0

  • kbnosurvey kbarchive kbproductlink kbhotfixserver kbqfe kbbug kbfix KB236414
Feedback