Microsoft's LanMan Hash is insecure and relatively easy to break. To prevent Active Directory from storing or using the lanman hash, apply the following hack to the DC. Similarly you can apply the hack to servers and workstations. If you disable the lanman hash on servers, Win9x clients will not have access without the Directory Services Client. See NTLMv2 NT Authenication

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: NoLMHash
Type: REG_DWORD
Value: 1 emulate an NT4 DC

Related tips:

• NTLMv2 NT Authenication in NT and Win9x clients
• Cracking Windows NT passwords

Keywords: Windows 2000 Registry Tip, lanman hash, insecure, disable, active directory, servers, workstations, lsa, NoLMHash