none
windows 7 and NT 4 server - workaround

    Question

  • There is reference on the Internet to folks who have played around with various settings related to security levels, encryption, SMB, etc. to successfully connect a Windows 7 computer to an NT 4 domain. which according to MS is not supported  I am always dubious of claims made in general forums.  I know that according to official MS, Windows 7 was designed not to do this (or perhaps differently phrased not designed to do this).  I don't care about security issues in the situation I am contemplating where I could use this so if overall security gets lowered, encryption, etc. no problem.
    Tuesday, February 16, 2010 7:04 AM

Answers

  • click the start button and type secpol.msc in the search function.

    Browse to "Local Policies" -> "Security Options".  Now look for the entry "Network Security: LAN Manager authentication level" and open it.  Click on the dropdown menu and select "Send LM & NTLM - use NTLMv2 session security if negotiated".  Apply the settings.

     

    In the Advanced sharing settings page of Network and sharing center, you need to have it set as Work/Home profile.  Try
    Make sure computers are the same workgroup for now (you can change it later)
    Enable network discovery
    Turn on  file and print sharing
    Turn off password protected sharing
    Turn on Use user accounts and passwords to connect to other computers

    The other settings such as encryption I have set as use 128 bit encryption, you may need lower.

    Please check related policies.


    If a HOME version of win 7

    1. Launch regedit from Start Search box.
    2. Find the following branch.
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    3. Create a DWORD key under Lsa and set:

    Name: LmCompatibilityLevel
    Value: 1

    4. Restart.

    Tuesday, February 16, 2010 10:42 AM
  • Hi,

     

    If your Windows 7 is Windows 7 Professional, Enterprise, or Ultimate Edition, I think you can also add Windows XP Mode to the Windows NT 4.0 domain to access the resources.

     

    To get Windows XP Mode, please visit the following webpage:


    Download Windows XP Mode

     

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Wednesday, February 17, 2010 8:53 AM
    Moderator

All replies

  • click the start button and type secpol.msc in the search function.

    Browse to "Local Policies" -> "Security Options".  Now look for the entry "Network Security: LAN Manager authentication level" and open it.  Click on the dropdown menu and select "Send LM & NTLM - use NTLMv2 session security if negotiated".  Apply the settings.

     

    In the Advanced sharing settings page of Network and sharing center, you need to have it set as Work/Home profile.  Try
    Make sure computers are the same workgroup for now (you can change it later)
    Enable network discovery
    Turn on  file and print sharing
    Turn off password protected sharing
    Turn on Use user accounts and passwords to connect to other computers

    The other settings such as encryption I have set as use 128 bit encryption, you may need lower.

    Please check related policies.


    If a HOME version of win 7

    1. Launch regedit from Start Search box.
    2. Find the following branch.
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    3. Create a DWORD key under Lsa and set:

    Name: LmCompatibilityLevel
    Value: 1

    4. Restart.

    Tuesday, February 16, 2010 10:42 AM
  • Hi,

     

    If your Windows 7 is Windows 7 Professional, Enterprise, or Ultimate Edition, I think you can also add Windows XP Mode to the Windows NT 4.0 domain to access the resources.

     

    To get Windows XP Mode, please visit the following webpage:


    Download Windows XP Mode

     

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Wednesday, February 17, 2010 8:53 AM
    Moderator
  • Bubbapcguy's solution worked.

    I have Windows 7 HOME edition and I finally got it to work by doing what he said:

     

    If a HOME version of win 7

    1. Launch regedit from Start Search box.
    2. Find the following branch.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    3. Create a DWORD key under Lsa and set:

    Name: LmCompatibilityLevel
    Value: 1

    4. Restart.

     

    A few notes on my experience. We did this and it would'nt work for some reason. When you modify the value you have the option to select a BASE of Hexadecimal or Decimal. By default is selects hexadecimal. We decided to do it selecting decimal to see what happened. After rebooting it worked! Now the strange part. We went back in to look for fun and the value was back to hexadecimal. Weird.

    Also the first time we did this we seleced to create a new DWORD and it didn't work. When we went back in is had created a QWORD instead. There were 2 of us working on this and we are positive that when we selected DWORD and then went back in to check after rebooting it was a QWORD, AND same thing on the hexadecimal vs decimal base... we selected decimal and upon rebooting it was hexadecimal. I swear it's what happened.

    The long and short though is the the above instructions works. You may have to play around a few times because it was strange how it changed stuff on us, but it worked. Huge thanks!

    • Proposed as answer by Lorena Velasco Tuesday, September 20, 2011 8:52 PM
    Thursday, September 1, 2011 10:40 PM
  • click the start button and type secpol.msc in the search function.

    Browse to "Local Policies" -> "Security Options".  Now look for the entry "Network Security: LAN Manager authentication level" and open it.  Click on the dropdown menu and select "Send LM & NTLM - use NTLMv2 session security if negotiated".  Apply the settings.

     

    In the Advanced sharing settings page of Network and sharing center, you need to have it set as Work/Home profile.  Try
    Make sure computers are the same workgroup for now (you can change it later)
    Enable network discovery
    Turn on  file and print sharing
    Turn off password protected sharing
    Turn on Use user accounts and passwords to connect to other computers

    The other settings such as encryption I have set as use 128 bit encryption, you may need lower.

    Please check related policies.


    If a HOME version of win 7

    1. Launch regedit from Start Search box.
    2. Find the following branch.
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    3. Create a DWORD key under Lsa and set:

    Name: LmCompatibilityLevel
    Value: 1

    4. Restart.

     

    It worked perfect, I just had to change the security setting on the Windows 7 machine, after that I mapped the Windows NT machine shared folder sucessfuly. Thanks.


    Tuesday, September 20, 2011 8:54 PM
  • What if it is a Pro Version of win 7?
    Monday, October 8, 2012 8:20 PM
  • click the start button and type secpol.msc in the search function.

    Browse to "Local Policies" -> "Security Options".  Now look for the entry "Network Security: LAN Manager authentication level" and open it.  Click on the dropdown menu and select "Send LM & NTLM - use NTLMv2 session security if negotiated".  Apply the settings.

    I use this method and ı see on windows 7  in shared folder on win nt .

    Thanks.

    Friday, November 21, 2014 2:12 PM
  • I CAN confirm this works - Setting the LAN Manager authentication level on Windows 7 Professional AND Windows Server 2012

    Thanks so much! Nearly thought buying an NT4.0 Server to communicate between DOS boxes and Windows machines was a waste of money.

    Thursday, October 22, 2015 5:11 PM