Trying to understand authentication with Kerberos and/or NTLM
Greetings, I am trying to get a better understanding of the authentication process in a Windows domain. For simplicity's sake, I will keep the question to Server 2003. This is what most of our clients are running. I am pretty sure that when it comes to Kerberos and LAN Manager authentication, our servers are set up with the defaults. I am not aware of any of our engineers understanding this enough to make modifications in this area. I have read enough articles to understand the weakness of NTLM and that we should, at the least, be forcing NTLMv2. I have also read that NTLM has been largely supplanted by Kerberos as the authentication protocol of choice for domain-based scenarios. If that is the case, then why bother with the LAN Manager settings at all? From the start of the process, I have a user that signs into the XP workstation, DC is Server 2003, mostly default settings in this section of the Group Policy. Are they authenticating with NTLM or Kerberos? If I do upgrade them to Server 2008, would that change? I have printed so many articles and they are just getting me more confused. I will greatly appreciate any help in understanding this process.
July 29th, 2010 5:42pm

"If that is the case, then why bother with the LAN Manager settings at all?"

The functionality is there to ensure compatibility with older systems.

"Are they authenticating with NTLM or Kerberos? If I do upgrade them to Server 2008, would that change?"

Kerberos is the first choice for authentication in a WS2003+ environment (http://technet.microsoft.com/en-us/library/cc780455(WS.10).aspx). It really comes down to how your domain is configured though.
July 30th, 2010 2:44am

This topic is archived. No further replies will be accepted.
