Enterprise Administration Guide › Implementing Privileged Accounts › PUPM Endpoint and Privileged Account Creation › Create an Endpoint › Windows Agentless Connection Information › Configure Windows Agentless Endpoints for PUPM › Challenge and Response Authentication Protocol Restrictions

Challenge and Response Authentication Protocol Restrictions

Valid on Windows Agentless endpoints

Challenge/response authentication protocols for network login affect the level of authentication protocol and the session security that endpoints use for client/server communication. There are three types of Windows challenge/response authentication protocols for network login:

• LM—LAN Manager challenge/response
• NTLM—Windows NT challenge/response
• NTLMv2—A second version of NTLM

The LAN Manager authentication level setting controls the challenge/response authentication protocol that the endpoint uses. The default value for this setting is Send LM & NTML responses. The Enterprise Management Server can communicate with Windows endpoints only when the value of the LAN Manager authentication level setting is Send LM & NTML responses. For example, the Enterprise Management Server cannot communicate with a Windows endpoint when the value of this setting is Send NTLMv2 response only\refuse LM & NTLM.

You can create a Windows Agentless endpoint only if the LAN Manager authentication level setting on the endpoint is Send LM & NTML responses. If you cannot create a Windows Agentless endpoint, you may need to change the challenge and response authentication protocol on the endpoint.