Stronger Authentication for Windows 95


In a recent post, I suggested that maybe it was time to let go of Windows 95. After all, newer printers don’t support it, Windows Update (WU) no longer works on it, and it has considerable difficulty accessing network shares in a modern network.

In another post, I suggested that, at the cost of weakening network security, I could get a Windows 95 PC to access network shares on a FreeNAS server, but not a ReadyNAS server. Why one and not the other? Well, it’s possible to enable the LANMAN authentication protocol on FreeNAS, but not on ReadyNAS. The ReadyNAS adopts the NTLMv2 protocol for authentication.

Sketch lanman 3

What if, for some extraordinary reason, you still had to have that one  Windows 95 PC on your network. Maybe you have some legacy hardware connected to it that uses software specifically designed for Windows 95. Could that PC still participate in network activity without compromising security?

I’ve been trying to get the servers to speak LANMAN, the weaker authentication protocol the Windows 95 PC understands. Instead, would it be possible to get the Windows 95 PC to speak NTLMv2, the stronger authentication protocol understood by the servers? Well you know, ‘If the mountain won’t go to Muhammad, then Muhammad must go to the mountain’.

Fortunately, there is a way, but it isn’t all that obvious and made all the more challenging because WU no longer works. After extensive experimentation, this is what I’ve determined.

Two patches are required:

  1. NTLM2 and Active Directory Update; and
  2. Winsock 2 Update.

You can find these here.

Follow these steps:

  1. Unpack NTLM2 and Active Directory Update. Three directories will be created – Active Directory Update, Enable NTLM2 and NTLM2 – Minimum. Ignore the last of these.
  2. Run Setup.exe from the directory Active Directory Update to install the Directory Services Client.
  3. From the directory Enable NTLM2, run the file ntlm2-95.reg to update registry entries that force the Windows 95 client to send NTLMv2 responses.
  4. Unpack the Winsock 2 Update and run the file W95ws2setup.exe.
  5. Reboot.

After logging back in, Presto!, you will magically able to access file resources on your network. I was able to access files on both FreeNAS and ReadyNAS servers on my network. I’ve reworked and expanded the above table to reflect what I’ve found now possible. The table below summarises my experiences with several legacy Windows clients to this point.

Sketch - Share 2

References

  1. Is there still life in Windows 95?
  2. Puzzling share access behaviour
  3. WinWorld: Windows 95 Patches 
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s