What does the Windows 2008 AllowLegacySrvCall registry entry do?
Hello, So I've read and performed the instructions in the KB957441 and it has helped. But my question is what does adding the AllowLegacySrvCall to the Windows 2008 registry actually do? Does is just cause the Windows 2008 server domain controller to act like a Windows 2003 server domain controller? Or does is actually reduce the LAN Manager authentication level under the covers? I'm trying to understand what type of security exposure I have running this way. Thanks, Ron
August 18th, 2011 5:36pm

You are still using NTLMv2 - but without extended security check. I'm not familiar with specifics of the check itself, but if that's what you are interested in, the security forum might be more appropriate (assuming that this info is actually publicly available) - http://social.technet.microsoft.com/Forums/en/winserversecurity/threads hth Marcin
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 5:47pm

Hello, So I've read and performed the instructions in the KB957441 and it has helped. But my question is what does adding the AllowLegacySrvCall to the Windows 2008 registry actually do? Does is just cause the Windows 2008 server domain controller to act like a Windows 2003 server domain controller? Or does is actually reduce the LAN Manager authentication level under the covers? I'm trying to understand what type of security exposure I have running this way. Thanks, Ron p.s. I posted this in the Directory Services forum and got a response, but as suggested, thought I would ask here also: You are still using NTLMv2 - but without extended security check. I'm not familiar with specifics of the check itself, but if that's what you are interested in, the security forum might be more appropriate (assuming that this info is actually publicly available) -
August 19th, 2011 3:50pm

Thanks Marcin, I will post in the winserversecurity thread also.
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2011 3:51pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics