Network security: Minimum session security for NTLM SSP based (including secure RPC) clients


This value impacts applications, from the point of view of the server, that use the NTLM SSP or secure RPC and specifies session security requirements for communication between the client and server.

Hex value     Check box                          Meaning
0x0           None checked                       None. No security is used for session security.
0x10          Require message integrity          Message integrity. If the value of either this entry or the NtlmMinServerSec entry is 0x10, then the connection will fail unless message integrity is negotiated.
0x20          Require message confidentiality    Message confidentiality. If the value of either this entry or the NtlmMinServerSec entry is 0x20, then the connection will fail unless message confidentiality is negotiated.
0x80000       Require NTLMv2 session security    NTLMv2 session security. If the value of either this entry or the NtlmMinServerSec entry is 0x80000, then the connection will fail unless NTLMv2 session security is negotiated.
0x20000000    Require 128-bit encryption         128-bit encryption. If the value of either this entry or the NtlmMinServerSec entry is 0x20000000, then the connection will fail unless 128-bit encryption is negotiated.

As best I can tell, this setting will primarily impact secure RPC communications such as between Outlook and Exchange when authenticating via NTLM.

Unanswered questions: how do these settings affect SMB traffic, or do they at all? Do these settings apply to all RPC traffic, only secure RPC traffic, or just secure RPC traffic authenticated via NTLM instead of Kerberos? How do these settings affect traffic sent via the Kerberos SSP? If they don't, how do you set similar requirements for the Kerberos SSP?

Underlying registry key and value

Value name:  NtlmMinClientSec
Key:         HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Data type    Range                                          Default value
REG_DWORD    0x0 | 0x10 | 0x20 | 0x80000 | 0x20000000       0x0
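To audit these entries on a host, the following PowerShell script (added here as an example; it is not from the original article) reads NtlmMinClientSec and NtlmMinServerSec from the key above, decodes the flag bits from the table, combines them the way the table describes (a bit set in either entry applies to the connection) and compares the result against an assumed baseline of NTLMv2 session security plus 128-bit encryption. The baseline and the flag names are this example's own choices, not values from the article.

```powershell
# Added example, not part of the original article.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Flag bits from the table above (names are this example's own)
$Flags = [ordered]@{
    MessageIntegrity       = 0x10
    MessageConfidentiality = 0x20
    NtlmV2SessionSecurity  = 0x80000
    Encryption128Bit       = 0x20000000
}

function Get-NtlmMinSec {
    param([string]$ValueName)
    # A missing value means the documented default, 0x0 (no requirement)
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return [int]0 }
    return [int]$item.$ValueName
}

function ConvertTo-NtlmFlagNames {
    param([int]$Value)
    $names = foreach ($f in $Flags.GetEnumerator()) {
        if (($Value -band $f.Value) -ne 0) { $f.Key }
    }
    if (-not $names) { 'None' } else { $names -join ', ' }
}

$client = Get-NtlmMinSec -ValueName 'NtlmMinClientSec'
$server = Get-NtlmMinSec -ValueName 'NtlmMinServerSec'

# Per the table, a requirement set in either entry applies, so the
# effective minimum is the bitwise OR of both entries.
$effective = $client -bor $server

# Assumed baseline: require NTLMv2 session security and 128-bit encryption
$baseline = $Flags.NtlmV2SessionSecurity -bor $Flags.Encryption128Bit

'NtlmMinClientSec  = 0x{0:X8} ({1})' -f $client,    (ConvertTo-NtlmFlagNames $client)
'NtlmMinServerSec  = 0x{0:X8} ({1})' -f $server,    (ConvertTo-NtlmFlagNames $server)
'Effective minimum = 0x{0:X8} ({1})' -f $effective, (ConvertTo-NtlmFlagNames $effective)

if (($effective -band $baseline) -eq $baseline) {
    'OK: baseline requirements are set'
} else {
    $missing = $baseline -band (-bnot $effective)
    'WARNING: baseline not met, missing: ' + (ConvertTo-NtlmFlagNames $missing)
}
```

Run it in an elevated PowerShell session on the host being audited; on a default installation both values are absent and the script reports 0x00000000 for each.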

Excellent sources for more information on NTLM: http://davenport.sourceforge.net/ntlm.html by Eric Glass and http://www.microsoft.com/technet/technetmag/issues/2006/08/SecurityWatch/ by Jesper Johansson.
