internet authentication in vista

Guest2 · 2 Nov 2009 at 13:54

We are currently trialing a new internet filter which has been setup by a external company. It is running in our building but we have not touched it and dont even know what OS is running on it.

People who are using XP set the proxy address and port number and it works fine. There are 2 users who have Vista and when using the same proxy address as those on XP internet comes up with 'authenication required'

It is nothing to do with being an administrator of that machine because they are both have local admin rights

Any ideas what Vista does behind the scenes to make this authentication come up? (or what XP doesnt do)

theheyes · 2 Nov 2009 at 16:33

Could be one of a number of things. You could do with finding out what OS the box is running (I'm guessing Linux) or just contact the company who installed it - if it is a trial they should be tripping over themselves to help you out if it means a sale.

Also, were the Vista boxes set up by yourself?

Guest2 · 2 Nov 2009 at 16:49

The vista boxes were not setup by me. We have the filter on trial until the end of the week only

I get a box similar to this for both vista machines (except - connecting to 192.168.10.120)

lumpeh · 2 Nov 2009 at 19:16

It does sound like NTLM failing on those - iirc vista defaults to NTLMv2 or something like that and you might have to set some policy on those desktops to force them to use the original version.

theheyes · 2 Nov 2009 at 20:43

lumpeh said:
It does sound like NTLM failing on those - iirc vista defaults to NTLMv2 or something like that and you might have to set some policy on those desktops to force them to use the original version.

Yes, this one of the possibilities I was thinking of. Unfortunately I can't recall which local policy setting you have to change off the top of my head.

Guest2 · 3 Nov 2009 at 09:03

Found some possible solutions. Here for future reference...

If you use using Windows Vista Home Premium you will need to make a small edit to the registry to downgrade to plain NTLM authentication.
Click the Windows menu and type "regedit" in the search field. Press return to launch Regedit. Navigate to :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
And change value of the of default entry from 3 to 1. Click OK to save and you should be able to connect to your Mac clients and Servers.

If you are running Windows Vista Business or Ultimate you may use the "secpol.msc" applet (click the Windows menu and type it in the search field).
1. Open the Run command and type "secpol.msc".
2. Press "continue" when prompted by Vista.
3. Click on "Local Policies" --> "Security Options"
4. Navigate to the policy "Network Security: LAN Manager authentication level" and open it.
5. By default Windows Vista sets the policy to "NTVLM2 responses only". Change this to "LM and NTLM – use NTLMV2 session security if negotiated".