###### tags: `security` `windows` `policy`
# Windows network security policy
## Security settings
### Edit Local Computer Policy
| Policy | Security Setting | Registry | Registry Values |
| ---------------- | ---------------- | ---------------- | ---------------- |
| Network security: Do not store LAN Manager hash value on next password change | Enabled | NoLMHash | 4,1 |
| Network security: LAN Manager authentication level | Send NTLMv2 response only. Refuse LM & NTLM | LmCompatibilityLevel | 4,5 |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Require NTLMv2 session security | NTLMMinClientSec | 4,537395200 |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Require NTLMv2 session security | NTLMMinServerSec | 4,537395200 |
## Export security configuration
1. Run 'cmd' or 'PowerShell' as Administrator.
2. Export the security policy:
`secedit /export /cfg C:\Users\(Username)\Desktop\secpol.cfg`
Replace (Username) above with your user name.
3. Confirm the 4 security policies in the registry:
* LmCompatibilityLevel
* NoLMHash
* NTLMMinClientSec
* NTLMMinServerSec
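
One way to confirm the four values from an export, as an added example that is not part of the original note: it reads the `[Registry Values]` lines of `secpol.cfg`, compares them with the targets in the policy table above, and decodes the NTLMMin*Sec bitmask. The function name `Test-NtlmPolicy` is hypothetical and the sample export lines are constructed.

```powershell
# Target values from this page's policy table (secedit writes "type,value"; 4 = REG_DWORD).
$Expected = [ordered]@{
    NoLMHash             = 1
    LmCompatibilityLevel = 5
    NTLMMinClientSec     = 537395200
    NTLMMinServerSec     = 537395200
}
# NTLM SSP session-security bits; 537395200 = 0x20080000 sets both of them.
$NtlmFlags = [ordered]@{
    'Require NTLMv2 session security' = 0x00080000
    'Require 128-bit encryption'      = 0x20000000
}

function Test-NtlmPolicy {   # hypothetical helper name
    param([string[]]$Lines)
    $found = @{}
    foreach ($line in $Lines) {
        # Export lines look like: MACHINE\...\Lsa\NoLMHash=4,1
        if ($line -match '\\(?<key>[^\\=]+)=4,(?<val>\d+)\s*$' -and $Expected.Contains($Matches['key'])) {
            $found[$Matches['key']] = [long]$Matches['val']
        }
    }
    foreach ($name in $Expected.Keys) {
        # A value that was never configured is simply absent from the export.
        $actual = if ($found.ContainsKey($name)) { $found[$name] } else { $null }
        $flags = ''
        if ($null -ne $actual -and $name -like 'NTLMMin*Sec') {
            $flags = ($NtlmFlags.Keys | Where-Object { $actual -band $NtlmFlags[$_] }) -join '; '
        }
        [pscustomobject]@{
            Setting   = $name
            Actual    = if ($null -eq $actual) { 'not set' } else { $actual }
            Expected  = $Expected[$name]
            Compliant = ($actual -eq $Expected[$name])
            Flags     = $flags
        }
    }
}

# Constructed sample of an export's [Registry Values] section: LmCompatibilityLevel is
# weaker than the target and NTLMMinServerSec is missing, so both rows fail.
$sample = @'
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,537395200
'@ -split '\r?\n'
Test-NtlmPolicy -Lines $sample | Format-Table -AutoSize
# Against a real export: Test-NtlmPolicy -Lines (Get-Content <path to secpol.cfg>)
```
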
### Possible values
#### LmCompatibilityLevel
| Setting | Description | Registry security level |
| ------- | ----------- | ----------------------- |
| Send LM & NTLM responses | Client devices use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 0 |
| Send LM & NTLM – use NTLMv2 session security if negotiated | Client devices use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 1 |
| Send NTLM response only | Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 2 |
| Send NTLMv2 response only | Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 3 |
| Send NTLMv2 response only. Refuse LM | Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they'll accept only NTLM and NTLMv2 authentication. | 4 |
| Send NTLMv2 response only. Refuse LM & NTLM | Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they'll accept only NTLMv2 authentication. | 5 |
#### NoLMHash
| Setting | Description | Registry security level |
| ------- | ----------- | ----------------------- |
| | SAM stores the message digest of the user's password. | 0 |
| | SAM does not store the message digest of the user's password. | 1 |
#### NTLMMinClientSec
| Setting | Description | Registry security level |
| ------- | ----------- | ----------------------- |
| | | 0 |
#### NTLMMinServerSec
| Setting | Description | Registry security level |
| ------- | ----------- | ----------------------- |
| | | 0 |