When starting to deploy Windows 7 to our corporate domain environment, we noticed that our domain user accounts were starting to get locked out. After some investigation, it appeared that Windows 7 was trying to authenticate with the proxy (maybe via Windows Update?) and the proxy was not able to use the same version of NTLM authentication that is now used in Windows 7 (and Windows Server 2008 R2 for that matter).
This required us to change the LM Compatibility Level on the Windows 7 machines via a registry key (this can also be done via Group Policy). In the registry, under “HKLM\SYSTEM\CurrentControlSet\Control\Lsa”, check for a DWORD value called “LMCompatibilityLevel” and set it to “1”. If it doesn’t exist, just create it.
This does have some security implications and you should read up on this and make a judgement on whether it is a wise choice in your environment. A good starting point is http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch(en-us).aspx.
Further information on NTLM Authentication in Windows 7 can be found here http://technet.microsoft.com/en-us/library/dd560653(WS.10).aspx.
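The registry change described above, as an added PowerShell example that is not part of the original post: it reports the current value before changing anything and only writes when asked. The function name `Set-LmCompatLevel` and its parameters are hypothetical; the level descriptions follow the "Network security: LAN Manager authentication level" policy setting, and an absent value is assumed to mean the Windows 7 default of level 3.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LMCompatibilityLevel'

# Meaning of each level, as worded in the LAN Manager authentication level policy
$LevelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Set-LmCompatLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateRange(0, 5)][int]$Level = 1,   # the post sets 1
        [switch]$Apply                          # without this, nothing is written
    )

    # Read the current value; if it is missing, the OS default applies
    $current = (Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $current) {
        Write-Output "$ValueName is not set (assumed Windows 7 default: level 3)."
    } else {
        Write-Output "$ValueName is currently $current : $($LevelText[[int]$current])"
    }

    if (-not $Apply) { return }   # audit only

    if ($Level -lt 3) {
        Write-Warning "Level $Level lets this machine send LM or NTLMv1 responses."
    }
    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "Set DWORD to $Level")) {
        # -Force creates the value if it is missing and overwrites it if present
        New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Level -Force | Out-Null
        Write-Output "$ValueName set to $Level : $($LevelText[$Level])"
    }
}

Set-LmCompatLevel                    # report the current setting only
# Set-LmCompatLevel -Apply -WhatIf   # preview the change
# Set-LmCompatLevel -Apply           # write level 1 (run from an elevated prompt)
```

Recording the reported value before applying the change makes it possible to restore the previous level once the proxy can handle NTLMv2.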
1 user responded in this post
Carol Crawford – account lockout…
Remote control the server (server.bgc.local) and run "locloutStatus.exe" – there’s a shortcut on the desktop File, select target, set target user name to be carolc and click on ok When a line is displayed, right click on it and "u…