Microsoft small business knowledge base

Article ID: 946405 - Last Review: February 12, 2009 - Revision: 2.0


When you add a Windows Server 2008-based domain controller to an existing pre-Windows Server 2008 domain that uses the default domain policies, client computers in the domain may not work correctly.


This problem may occur if the Security Templates files for the NoLMHash policy setting on the Windows Server 2008-based domain controller do not match the Security Templates files for the NoLMHash policy setting on the pre-Windows Server 2008-based domain controllers.

When you perform a clean install of Windows Server 2008 and then install the Active Directory directory service on the computer, the Security Templates files are changed to enable the NoLmHash policy.

If you add Windows Server 2008 as the domain controller to an existing domain by using the default domain policy, the NoLMHash policy of the existing domain controller is disabled. Additionally, the NoLMHash policy in Windows Server 2008 is enabled.


If a client that requires LMHash exists in the domain, disable the NoLMHash policy in Windows Server 2008.

To disable the NoLMHash policy by using Group Policy in Windows Server 2008, follow these steps:
  1. Click Start, click Control Panel, click Administrative Tools, and then click Local Security Policy.
  2. Expand Security Settings, expand Local Policy, and then click Security Options.
  3. In the list of the available policies, double-click Network Security: Do not save the value of hash of LAN in the next password change.
  4. Click Disable, and then click OK.


For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
299656  ( ) How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases
823659  ( ) Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments

  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard
kbexpertiseadvanced kbtshoot kbprb KB946405
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support