Using NTLMv2 on legacy Windows

While it is possible to downgrade security server-side to permit older Windows
versions to connect, this is not secure. The following instructions detail how
to modify older Windows clients to use the slightly more secure NTLMv2, and
permit connecting to network shares hosted by newer versions of Windows.

Note that, even with NTLMv2 enabled client-side, the server must still support
SMB 1 access, a feature disabled by default in modern Windows versions.

This tutorial applies to Windows 95 through XP. Windows Vista and newer have
NTLMv2 enabled by default.

Enabling NTLMv2

NOTE: This tutorial applies to normal distributions of Windows only.
"Remasters" or customizations of Windows may already have NTLMv2 support.
For example, Windows 95 D Lite includes NTLMv2 support.

Registry edit - Windows 9x

In the registry key HKLM\System\CurrentControlSet\Control\Lsa, create a new
DWORD value called LMCompatibility, and set its value to 3.
Windows Me seems to accept a value of 5 as well.

Windows must be restarted for the change to take effect.

Registry edit - Windows NT 4.0, 2000, and XP

In the registry key HKLM\System\CurrentControlSet\Control\Lsa, edit the
DWORD value called LMCompatibilityLevel, and set its value to 3 or higher.

You do not need to restart for this change to take effect.
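
To confirm the change on a client, export the Lsa key with Regedit and check
the result. The script below is an added example, not part of the original
tutorial: it parses a .reg export and reports whether the value this page names
for that Windows family is present and at least 3. The sample exports are
constructed, and treating every level of 3 or higher as passing on both
families is an assumption (the page documents only 3, and 5 on Me, for 9x).

```python
import re

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
# The value name differs by Windows family, as the tutorial describes.
VALUE_NAME = {"9x": "lmcompatibility", "nt": "lmcompatibilitylevel"}
MIN_LEVEL = 3  # assumption: any level >= 3 passes for both families

# Constructed sample exports (not taken from a real machine).
SAMPLE_9X = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"LMCompatibility"=dword:00000003
"""
SAMPLE_NT_WEAK = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000001
"""

def parse_reg_dwords(text):
    """Return {(key, value_name): int} for every dword in a .reg export."""
    found, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry names are case-insensitive
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})', line)
        if m and key:
            found[(key, m.group(1).lower())] = int(m.group(2), 16)
    return found

def check_ntlmv2(text, family):
    """Return (ok, message) for family '9x' or 'nt'."""
    values = parse_reg_dwords(text)
    level = values.get((LSA_KEY, VALUE_NAME[family]))
    if level is None:
        # Catch the easy mistake of using the other family's value name.
        other = VALUE_NAME["nt" if family == "9x" else "9x"]
        if (LSA_KEY, other) in values:
            return False, "wrong value name for this family: " + other
        return False, "value not set"
    if level < MIN_LEVEL:
        return False, "level %d is below %d" % (level, MIN_LEVEL)
    return True, "level %d" % level

if __name__ == "__main__":
    print(check_ntlmv2(SAMPLE_9X, "9x"), check_ntlmv2(SAMPLE_NT_WEAK, "nt"))
```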

