Default LM compat levels
Hi, I looked wide and far, but all I've found is: Windows NT 4.0, Service Pack 4 and higher, Windows 2000, and 32-bit editions of Windows XP have LM Compatibility Level set to 0 by default. Windows Server 2003 and Windows XP 64-bit edition have it set to 2 by default. Are these levels automatically changed when a box is used as DC? If yes, to what values? Where could one find info for Vista, Windows 7, and WinServer2008 readily available? Thank you, --Leon.
June 12th, 2009 2:45am

| Setting | Description | Registry Security Level |
|---|---|---|
| Send LM & NTLM responses | Clients use LM and NTLM authentication and never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 0 |
| Send LM & NTLM - use NTLMv2 session security if negotiated | Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 1 |
| Send NTLM response only | Clients use NTLM authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 2 |
| Send NTLMv2 response only | Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 3 |
| Send NTLMv2 response only. Refuse LM | Clients use NTLMv2 authentication only. NTLMv2 session security is used if the server supports it. Domain controllers refuse to accept LM authentication and will accept only NTLM and NTLMv2 authentication. | 4 |
| Send NTLMv2 response only. Refuse LM & NTLM | Clients use NTLMv2 authentication only. NTLMv2 session security is used if the server supports it. Domain controllers refuse to accept LM and NTLM authentication and will accept only NTLMv2 authentication. | 5 |

http://technet.microsoft.com/en-us/library/dd349805.aspx
June 15th, 2009 3:27am

Thank you for your response, Shems. But my question was about the default settings. Once again: Where could one find info for Vista, Windows 7, and WinServer2008?
July 8th, 2009 7:47pm

Information on that doesn't seem readily available. Since win 7 is close family of server 2008, I figure the compatibility levels are similar.

Creativity cannot be taught, but it can be learned.
August 3rd, 2009 3:54am

Client-Side LMCompatibilityLevel Impact

| Level | Group Policy Name | Client: Sends | Client: Prohibits Sending | Server: Accepts | Server: Prohibits Accepting | Description |
|---|---|---|---|---|---|---|
| 0 | Send LM and NTLM Responses | LM, NTLM | NTLMv2 Session Security | LM, NTLM, NTLMv2 | | Client computers send LM responses and NTLM responses. Client computers never use NTLMv2 session security. Domain controllers accept LM authentication, NTLM authentication, and NTLMv2 authentication. |
| 1 | Send LM and NTLM—use NTLMv2 session security if negotiated | LM & NTLM. NTLMv2 Session Security if server supports | NTLMv2 | LM, NTLM, NTLMv2 | | Client computers use LM authentication and NTLM authentication. Client computers use NTLMv2 session security if the server supports NTLMv2 session security. Domain controllers accept LM authentication, NTLM authentication, and NTLMv2 authentication. |
| 2 | Send NTLM response only | NTLM. NTLMv2 Session Security if server supports | LM and NTLMv2 | LM, NTLM, NTLMv2 | | Client computers use only NTLM authentication. Client computers use NTLMv2 session security if the server supports NTLMv2 session security. Domain controllers accept LM authentication, NTLM authentication, and NTLMv2 authentication. |
| 3 | Send NTLMv2 response | NTLMv2. NTLMv2 Session Security if server supports | LM and NTLM | LM, NTLM, NTLMv2 | | Client computers use only NTLMv2 authentication. Client computers use NTLMv2 'session security' if the server supports NTLMv2 session security. Domain controllers accept LM authentication, NTLM authentication, and NTLMv2 authentication. |

Server-Side LMCompatibilityLevel Impact

| Level | Group Policy Name | Client: Sends | Client: Prohibits Sending | Server: Accepts | Server: Prohibits Accepting | Description |
|---|---|---|---|---|---|---|
| 4 | Send NTLMv2 response only/refuse LM | NTLMv2. NTLMv2 Session Security if server supports | LM and NTLM | NTLM & NTLMv2 | LM | Client computers use only NTLMv2 authentication. Client computers use NTLMv2 session security if the server supports NTLMv2 session security. Domain controllers refuse LM authentication and NTLM authentication. Domain controllers accept only NTLMv2 authen |
| 5 | Send NTLMv2 response only/refuse LM and NTLM | NTLMv2. NTLMv2 Session Security if server supports | LM and NTLM | NTLMv2 | LM & NTLM | Client computers use only NTLMv2 authentication. Client computers use NTLMv2 session security if the server supports NTLMv2 session security. Domain controllers refuse LM authentication and NTLM authentication. Domain controllers accept only NTLMv2 authen |
June 16th, 2010 11:31pm


Hi Leon,

Defaults:
WinXP - LM Compat 0
WinNT - LM Compat 0
Win03 - LM Compat 2
Win7/Vista/Win08/Win08R2 - LM Compat 3

Check out this simple visual description for LM Compat levels:
http://www.dynamictechsol.com/lm-compatibility
http://www.dynamictechsol.com/ntlm-background-more-data
February 23rd, 2011 6:30pm
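
An added example, not part of any post in this thread: a PowerShell check that reports the effective level on the local machine, falling back to the OS defaults quoted above when the value is not set. The registry location (`LmCompatibilityLevel` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`) does not appear in the thread, the function names are hypothetical, and treating Windows versions newer than those named in the thread like Win7/Win08R2 is an assumption.

```powershell
# Added example: effective LmCompatibilityLevel for the local machine.
# Requires PowerShell 3.0 or later ([pscustomobject]).

function Get-DefaultLmCompatLevel {
    param([Version]$OsVersion)
    # Defaults as given in the thread; 6.0 = Vista/Win08, 6.1 = Win7/Win08R2.
    # Assumption of this example: anything newer than 6.1 also defaults to 3.
    if ($OsVersion -ge [Version]'6.0') { return 3 }
    if ($OsVersion -ge [Version]'5.2') { return 2 }   # Server 2003, XP 64-bit
    return 0                                          # NT 4.0 SP4+, 2000, XP 32-bit
}

function Get-EffectiveLmCompatLevel {
    param(
        [Version]$OsVersion = [Environment]::OSVersion.Version,
        [string]$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )
    # The value is often absent; in that case the OS default applies.
    $prop = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel `
                             -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $level  = [int]$prop.LmCompatibilityLevel
        $source = 'registry value'
    } else {
        $level  = Get-DefaultLmCompatLevel -OsVersion $OsVersion
        $source = 'OS default (value not set)'
    }
    if ($level -lt 0 -or $level -gt 5) {
        throw "Unexpected LmCompatibilityLevel: $level"
    }
    # Per the tables in the thread: what a client sends and a DC accepts.
    $sends   = @('LM, NTLM', 'LM, NTLM', 'NTLM', 'NTLMv2', 'NTLMv2', 'NTLMv2')
    $accepts = @('LM, NTLM, NTLMv2', 'LM, NTLM, NTLMv2', 'LM, NTLM, NTLMv2',
                 'LM, NTLM, NTLMv2', 'NTLM, NTLMv2', 'NTLMv2')
    [pscustomobject]@{
        Level           = $level
        Source          = $source
        ClientSends     = $sends[$level]
        DcAccepts       = $accepts[$level]
        SendsLmOrNtlm   = ($level -lt 3)   # client still emits LM/NTLM responses
        DcRefusesLegacy = ($level -eq 5)   # DC accepts NTLMv2 only
    }
}

Get-EffectiveLmCompatLevel | Format-List
```

A `Source` of "OS default (value not set)" means no policy or manual setting has written the value, which is the case the original question asks about.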


This topic is archived. No further replies will be accepted.
