Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. XIMS: Where to Enable NT Challenge Response for POP3

XIMS: Where to Enable NT Challenge Response for POP3

View products that this article applies to.

Summary

This article shows how and where to enable Windows NT Challenge Response (NTLM) for Exchange Server. NT Challenge Response security is intended to work with the Secure Password Authentication offered by Microsoft e-mail clients, such as Outlook Express. This offers a higher degree of security than Basic Clear Text, which is more vulnerable to being discovered and used.

↑ Back to the top

More information

To use Secure Sockets Layer security (SSL), which is equivalent to TLS, Transport Layer Security, you need to have Internet Information Server (IIS) installed along with the Private/Public Key Pair that has been certified by a Certificate Authority (CA).

To enable NTLM security, there are two locations in Exchange Server that need to be explained. POP3 can be implemented and controlled at the server level and/or at the site level. Enabling POP3 at the server level means that the protocol and settings are specific to that server. Enabling POP3 at the site level means any server in the site can use site default settings. Using site level settings frees an administrator from having to configure each server individually when there is a site-wide change.

Enabling NTLM and POP3 Protocol at the Server Level

  1. Start the Exchange Server Administrator program.
  2. Expand on Organization\Site\Configuration\Servers\<your server>\Protocols to the Server Protocols object.
  3. Select the Protocols object. On the right pane, you will see the POP3 (Mail) Settings object. Double-click it, and the properties for the POP3 protocol on this server will be displayed.
  4. On the General tab, clear the "Use Site defaults for all properties" check box. The server will now be using server-specific POP3 settings.
  5. Click the "Enable Protocol" check box. The POP3 protocol is now enabled at this server. You do not have to restart.
  6. Click the Authentication tab. There are two options for enabling NT Challenge Response--with and without SSL security. If you do not require SSL, click only the "NT Challenge Response" check box. If you require SSL, then click only the "NT Challenge Response Using SSL" check box.

Enabling NTLM and POP3 Protocol at the Site Level.

  1. Follow steps 1 through 3 above, then on the General tab, click the "Use Site Defaults for All Properties" check box. The server will now be using the site POP3 default Settings.
  2. Expand on Organization\Site\Configuration\Protocols to the Site Protocols object.
  3. Select the Protocols object. On the right pane, you will see the POP3 (Mail) Site Defaults object. Double-click it, and the properties for the POP3 protocol for the site will be displayed.
  4. On the General tab, click the Enable Protocol check box. The POP3 protocol is now enabled for the Site. You do not have to restart.
  5. Click the Authentication tab. There are two options for enabling NT Challenge Response--with and without SSL security. If you do not require SSL, click only the "NT Challenge Response" check box. If you require SSL, then click only the "NT Challenge Response Using SSL" check box.

↑ Back to the top

Properties

Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

↑ Back to the top

Keywords: KB192510, kbhowto

↑ Back to the top

Article Info
Article ID : 192510
Revision : 6
Created on : 10/28/2006
Published on : 10/28/2006
Exists online : False
Views : 274