Authenticate Windows 7 Ultimate

| Posted on by



Kerberos Version 5 is the default authentication protocol in Windows Server 2008, and Kerberos, in several versions, is the default authentication protocol over much of the Internet. This means that the same authentication routines in Windows Server 2008 can validate both a local Windows Server 2008 client and an Internet-connected UNIX client. The machine is running Windows 7 Ultimate, Service Pack 1, IIS 7.5. The site has been tested successfully, using both IIS and the VS Web Development Server. The IIS site config has all authentication methods disabled except Windows Authentication. The local machine is not on any domain.

We can log on to a Windows 7 computer with a finger swipe. The only thing you need to have on your laptop is a fingerprint scanning biometric device. In this post we take you through how to configure finger print logon and the related settings for it.

1. First check if you have a biometric device detected by Windows 7. Open Control panel -> Biometric devices. Your fingerprint scanning device should be listed here as shown below.

2. Click ‘Change biometric settings’ from the menu on the left side. Ensure that biometrics is on and users are allowed to log on to both local computer and domain using biometric devices.

3. Come back to the biometric devices windows and click ‘Use your fingerprint with Windows‘. If you have already enrolled, the link will be displayed as ‘mange your fingerprint data‘(see the above pic).

4. The next steps will depend on your fingerprint device make. But typically you would need to provide your Windows login password and then get your finger prints scanned. On my ThinkPad laptop which has TouchChip fingerprint scanner, I had to do the following to enable fingerprint login.

  • Entered my account password.
  • Selected the finger I wanted to use for logon, did multiple finger swipes to feed in the finger prints.
  • Closed the finger print software application.

You will have to do similar steps on your Windows 7 computer. After doing these, you can see the status as ‘Enrolled‘ in the biometric devices window. From now on you can use fingerprint login as an alternative to password login.

How to disable fingerprint log on?

Open Biometric devices from Control panel. Go to ‘Change biometric settings’. Select ‘biometrics off

How to enable/disable finger print logon using group policy?

The group policy settings for biometric usage can be found in the below path.

Computer Configuration -> Administrative templates -> Windows components -> Biometric devices.

To disable fingerprint login, you can configure the setting ‘Allow users to log on using biometrics’ to disabled.

I can’t change biometric settings. On/Off buttons are greyed out.

It means that the settings are configured by administrator of the system/domain using group policies. If you are administrator of the local system, check the settings mentioned in the answer for the previous question.

Symptom

Windows 7 Browser prompts with window for username/password every time when tried to access outside web page through ISA Server.
Does anyone have a hint about this issue ?

Background

Client is the Windows 7 Home, does not join the domain. The company’s proxy, ISA server 2006 was part of one domain. So, when I tried to connect to the ISA proxy it was not possible to be authenticated in it.
I disabled the windows integrated authentication in IE8 and ensure that input the correct credentials for the proxy, but it did not work, a message was shown telling that the proxy authentication failed.
I’ve try all the Windows 7 browsers, for example: IE version 8, FF version 16 and Chrome version 23.
The results of the testing is the same, a message proxy authentication failed.

Troubleshooting and Solution

  1. Try to check Date and Time, Timezone and recommend to use time server to synchronize your window time with it.
  2. Try to adjust and add parameters by choosing only 1 method
    1. Local Security Policy Editor
    2. Registry Editor
  3. Restart windows to take effect

Local Security Policy Editor

Activate Windows 7 Ultimate Using Batch File

The Local Security Policy Editor will only be available in the Windows 7 Professional, Ultimate, and Enterpise editions.
You will not have the Local Security Policy Editor available in the Windows 7 Starter and Home Premium editions.
So if your OS is based on Windows 7 Starter or Home Premium editions, try next method below !

  1. Click Start, then Run (or press [windows button] + [R] on the keyboard)
  2. Then type “gpedit.msc” , Goto Local Computer Policy → Windows Settings → Security Settings
    or shortcut by type “secpol.msc” This should bring up the Security Policy system window.
  3. On the left, select Local Policies → Security Options.
  4. On the right, scroll down to and double-click on each parameters :
    1. “Network Security: LAN Manager authentication level” change the setting to “Send LM & NTLM — Use NTLMv2 session security if negotiated”.
  5. Restart the computer
  6. If not work try to change more these parameters :
    1. “Network Security: Allow Local System to use computer identity for NTLM” change the setting to “Enabled”
    2. “Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients” to “No minimum”
    3. “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” to “No minimum”
  7. Restart the computer again

How To Authenticate Windows 10

Registry Editor

Authenticate Windows 7 Ultimate
  1. Click Start, then Run (or press [windows button] + [R] on the keyboard)
  2. Then type “regedit” or “regedt32” and OK, Registry Editor window bring up.
  3. On the left, Browse and goto HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
  4. Find LmCompatibilityLevel then set the value to 2, If the key does not exist, create a DWORD value named LmCompatibilityLevel and set the value to 2 to use NTLM and NTLMv2 if is negotiated
  5. If you are System Administrator, you can check which mode is used during authentication.
  6. Restart Windows to make changes to this entry effective

Authenticate Windows 7 Ultimate 64

LmCompatibilityLevel

Specifies the mode of authentication and session security to be used for network logons

Address and Data Type

Activate Windows 7 Ultimate 64 Bit Service Pack 1

Address : HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
Type : REG_DWORD
Possible Value : 0 – 5
Default Value : 0

Table Values

ValueMeaning
0Clients use LM and NTLM authentication, but they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
1lients use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
2Clients use only NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM, and NTLMv2 authentication.
3Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
4Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controller refuses LM authentication responses, but it accepts NTLM and NTLMv2.
5Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controller refuses LM and NTLM authentication responses, but it accepts NTLMv2.
ISA Server Proxy Authentication issue with windows 7 Series