The MS-CHAP version 1 authentication protocol has been deprecated in Windows Vista

The MS-CHAP version 1 authentication protocol has been deprecated in Windows Vista

Article ID : 926170
Last Review : March 15, 2007
Revision : 2.3

INTRODUCTION

The Microsoft Challenge Handshake Authentication Protocolversion 1 (MS-CHAP v1) has been deprecated in Windows Vista. This article discusses this change and provides methods to work around it.

MORE INFORMATION

In Windows Vista, Microsoft has removed MS-CHAP v1 from the list of authentication protocols for dial-up connections, for broadband (PPPoE) connections, and for virtual private network (VPN) connections. This change has been made because MS-CHAP version 2 (MS-CHAP v2) provides better security than the following protocols do:

• MS-CHAP v1
• The Challenge Handshake Authentication Protocol (CHAP)

Note CHAP provides an equivalent level of security to MS-CHAP.

• The Password Authentication Protocol(PAP)

Note PAP is less secure than MS-CHAP.

Microsoft Windows 2000 and later operating systems support MS-CHAP v2, CHAP and PAP. By default, both CHAP and MS-CHAP v2 are enabled for dial-up and PPPoE connections in Windows Vista.

If you used the Set up a connection or network wizard in Windows Vista to create a network connection, you can use the Network Sharing Center to enable or disable PAP, CHAP and MS-CHAP v2. To do this, follow these steps:

1. Open the Network Sharing Center. To do this, click Startthe, type network sharing center in the Start Search box, and then click Network Sharing Center in the Programs list.
2. Click Manage network connections.
3. In the Network Connections window, right-click the name of the connection that you want to change, and then click Properties.
4. In the User Account Control dialog box, click Continue.
5. In the Connection Properties dialog box, click to select the Security tab, click Advanced (Custom Settings), and then click Settings.
6. In the Advanced Security Settings dialog box, click to either enable or disable the options for PAP, CHAP and MS-CHAP v2, and then click OK.

If you used the Connection Manager Administration Kit in Windows Vista to create a network connection, you can edit the .cms file for the connection to enable or disable PAP, CHAP and MS-CHAP v2. To do this, follow these steps:

1. Click Startthe, type notepad in the Start Search box, and then click Notepad in the Programs list.
2. In the File menu, click Open.
3. If the connection can be used by all users of the computer, type the following text in the File name box, and then click Open:

%USERPROFILE% AppData Roaming Microsoft network connections _hiddencm MSCM-VPN ConnectionName.cms

If the connection can be used only by a single user, type the following in the File name box, and then click Open:

%USERPROFILE% AppData Roaming Microsoft network connections Cm ConnectionName.cms

Note In this step, ConnectionName is the name of the connection.

4. Use one of the following methods:

• To enable PAP, locate the Require_PAP values in the [Server&EntryName] section and in the [Server&TunnelDUN] section, and set the values to 1. To disable PAP, set these values to 0.
• To enable CHAP, locate the Require_CHAPvalues in the [Server&EntryName] section and in the [Server&TunnelDUN] section, and set the values to 1. To disable CHAP, set these values to 0.
• To enable MS-CHAP v2, locate the Require_MSCHAP2 values in the [Server&EntryName] section and in the [Server&TunnelDUN] section, and set the values to 1. To disable MS-CHAP v2, set these values to 0.
5. In the File menu, click Save.

APPLIES TO
• Windows Vista Business
• Windows Vista Enterprise
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Windows Vista Enterprise 64-bit edition
• Windows Vista Home Basic 64-bit edition
• Windows Vista Home Premium 64-bit edition
• Windows Vista Ultimate 64-bit edition
• Windows Vista Business 64-bit edition

Back to the top

Keywords: 
kbtshoot kbexpertiseinter kbexpertiseadvanced kbinfo KB926170

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image