We have many test systems here. Ranging from Windows 2000 Server, Windows XP Home, to Windows 2008 x64. Something I noticed today while testing…when I tried to connect to some Windows 2000 machines – the remote computer would not accept my password:

I happened to be working from a Vista Ultimate machine. So I went over to one of our XP Pro installs – it worked fine. The more testing I did, I realized it only happened with machines that were Windows 2000

Immediately I remembered that there were different levels of NTLM authentication, I thought that Vista might be enforcing a higher level through security policy.

On my Vista machine I opened the local policy editor (You can find this under administrative tools in the control panel).

Drilled down to Local Policies -> Security Options

Looking at:

Network Security: LAN Manager authentication level

I see that it only will allow NTLMv2 responses. Since I know that my physical network is protected, and I know all of the machines running on it I changed it to this:

Now I can connect to the admin$ share…and any other share on Windows 2000 computers.

This tip comes with a warning. Obviously dropping this down makes your Vista install less secure. If you think it is possible that you could have a rogue SMB server (A specially crafted windows share) on your network, I suggest not changing this. setting.

Like this article? Then sign up for my newsletter to get free tips and software sent right to your inbox once a week. Like you, I hate spam – I will never spam, or sell your email address.