The Best Damn Windows Server 2003 Book Period- P13:The latest incarnation of Microsoft’s server product,Windows Server 2003, brings many new features and improvements that make the network administrator’s job chapter will briefly summarize what’s new in 2003 and introduce you to the four members of the Windows Server 2003 family: the Web Edition, the Standard Edition, the Enterprise Edition, and the Datacenter Edition. | 86 Chapter 4 Security Templates and Software Updates A system configured with the Default security template or not configured with any security modifications will send LAN Manager and NTLM responses. Workstations do not have a defined configuration meaning they will follow the server requests. Implementing security templates affects the use of LAN Manager and NTLM authentication used by the systems. Security settings determine which authentication protocol is used for network logons. The security settings determine the authentication protocol used by clients the level of security negotiated and the level of authentication accepted by servers. Figure shows the options available through the Network security LAN Manager authentication level security configuration setting. Figure Setting the Network Security LAN Manager Authentication Level Options The Network security LDAP client signing requirements security setting establishes the degree of data signing used in LDAP BIND requests. Digital signing is a method used to validate data integrity. This method uses keys to generate a hash of the actual data. This method of hashing or encrypting the data provides a mechanism to verify data integrity. If the data is modified in any way the hash will not match. This ensures that data received by a client is the actual data sent by the default setting is Negotiate signing. The three levels of LDAP client signing are None Options are specified by the caller. Negotiate signing If Transport Layer Security Secure Sockets Layer TLS SSL is not being used LDAP BIND requests occur with the LDAP data signing option set along with the options specified by the caller. If TLS SSL is used the LDAP BIND requests occur with the options that are specified by the caller. This is the default. Require signature If the client and server configurations do not match in this case the client will receive an LDAP BIND request failed and the client will be unable to connect to the .
