Rainbow Hash Cracking

Coding Horror: “Unfortunately, Windows servers are particularly vulnerable to rainbow table attack, due to unforgivably weak legacy LAN Manager hashes. I’m stunned that the legacy LAN Manager support ‘feature’ is still enabled by default in Windows Server 2003. It’s highly advisable that you disable LAN Manager hashes, particularly on Windows servers which happen to store domain credentials for every single user. It’d be an awful shame to inconvenience all your Windows 98 users, but I think the increase in security is worth it.”

See also: [10 Immutable Laws of Security](http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true)