Best Practices

  • Remove LM hashes. If LAN Manager authentication is not used on your network, remove the LM password hashes from all domain controllers and local computers.

  • Configure LM compatibility. Set the LM compatibility to the highest level that applications on your network will support.

  • Upgrade to Windows Server 2003 if you are using delegation. Because a computer that is trusted for delegation can use the credentials of any user who authenticates to it on any computer on the network, in Windows 2000 a security compromise of that computer could cause the compromise of the entire domain or forest. Constrained delegation greatly helps limit the potential damage if a computer that is trusted for delegation is compromised.
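
The following audit script is an added example, not code from the book: it reports the two LM settings from the list above on the local computer and lists computers trusted for unconstrained delegation. It assumes the standard LSA registry values `NoLMHash` and `LmCompatibilityLevel`, which the page does not name, and the function names are hypothetical.

```powershell
# Added example, not from the book. Registry value names are the standard
# Windows LSA settings; the page does not name them.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# LmCompatibilityLevel meanings, 0 (weakest) through 5 (strongest).
$LevelText = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM; NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM and NTLM'
}

function Get-LmAuthPosture {                 # hypothetical helper name
    param([string]$Path = $LsaKey)
    $lsa   = Get-ItemProperty -Path $Path -ErrorAction Stop
    # A missing value means the OS default applies; report that, do not assume 0.
    $noLm  = $lsa.PSObject.Properties['NoLMHash']
    $level = $lsa.PSObject.Properties['LmCompatibilityLevel']
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        # 1 = no LM hash is written at the next password change. Hashes that
        # already exist stay until each account's password is changed.
        NoLMHash        = if ($noLm)  { [int]$noLm.Value }  else { 'not set (OS default)' }
        LmCompatibility = if ($level) { [int]$level.Value } else { 'not set (OS default)' }
        Meaning         = if ($level) { $LevelText[[int]$level.Value] } else { 'n/a' }
    }
}

function Get-UnconstrainedDelegationHost {   # hypothetical helper name
    # Requires the ActiveDirectory module (RSAT). Domain controllers are
    # trusted for delegation by default and will appear in the result.
    Import-Module ActiveDirectory -ErrorAction Stop
    Get-ADComputer -Filter 'TrustedForDelegation -eq $true' -Properties TrustedForDelegation |
        Select-Object Name, DNSHostName, TrustedForDelegation
}

Get-LmAuthPosture | Format-List
```

Run `Get-UnconstrainedDelegationHost` from a domain-joined administrative workstation; each non-domain-controller host it returns is a candidate for constrained delegation.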
