Windows XP automatically searches the network for shares and printers upon
connecting to the network. This is probably useful in a SOHO or home network but
not the enterprise. To disable XP automatic discovery:
- In Explorer, click Tools
- Click Folder Options
- Click the View tab
- Uncheck Automatically Search for Network Folders and Printers in the Advanced settings list.

this setting in Windows XP because it is the basis of a serious security flaw
in XP. When you click My Network Places, your logon
password may be transmitted automatically to numerous unspecified computers on
the LAN. Windows XP tries to acquire the shared resources list of all computers
on the LAN. At that time, the user's local logon password is used when the
password for the shared resource is not known. Your PC transmits the LM hash
version of your password.
If there are NT4.0 or any other pre-Windows 2000 PCs on the LAN, XP will
transmit your password to the pre-Windows 2000 PCs during its share and print
search. It transmits the LM hash, which is significantly weaker than XP or
Windows 2000 hashes. To protect the LM hash, XP has a registry value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash which, if set to
1, will prevent XP or Windows 2000 from generating the LM hash. pwdump will not
be able to acquire the LM hash, which is a good thing.
Sadly, NoLMHash does not affect LM authentication. Even if NoLMHash has been
set, XP will still transmit the LM hash to an NT4.0 machine when My Network Places is clicked.
There are tools to capture LM hashes on the LAN, LMscoop among others.
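
The gap between NoLMHash and LM authentication can be checked per host. The following is an added example, not part of the original tip: it audits `reg query` output for the Lsa key and reports both the storage setting (NoLMHash) and the wire setting. It assumes the Windows value LmCompatibilityLevel under the same key, which this page does not mention, as the control for LM responses; the sample output is constructed.

```python
import re

# Constructed sample: output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# from a hypothetical XP host where only NoLMHash has been set.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    NoLMHash    REG_DWORD    0x1
    LmCompatibilityLevel    REG_DWORD    0x0
    Notification Packages    REG_MULTI_SZ    scecli
"""

# One REG_DWORD line: indented name, type, hex data (tabs or spaces between).
DWORD = re.compile(
    r"^[ \t]+(.+?)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t\r]*$", re.M)

def parse_dwords(reg_output):
    """Return {lower-cased value name: int} for every REG_DWORD line."""
    return {name.lower(): int(data, 16)
            for name, data in DWORD.findall(reg_output)}

def audit_lsa(reg_output):
    """List LM-related weaknesses found in `reg query` output for the Lsa key."""
    vals = parse_dwords(reg_output)
    findings = []
    # Storage side: the value discussed on the page.
    if vals.get("nolmhash", 0) != 1:
        findings.append("NoLMHash is not 1: LM hash is still generated")
    # Wire side (assumption, not from the page): LmCompatibilityLevel 0 and 1
    # send LM responses; 2 and above do not. A missing value is treated as 0,
    # the XP default.
    level = vals.get("lmcompatibilitylevel", 0)
    if level < 2:
        findings.append(
            f"LmCompatibilityLevel is {level}: LM responses are still sent")
    return findings

if __name__ == "__main__":
    for finding in audit_lsa(SAMPLE) or ["no LM exposure found"]:
        print(finding)
```

On the sample host the audit reports only the LmCompatibilityLevel finding, which is the situation described above: NoLMHash is set, yet LM authentication still goes out on the wire.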