Do not store LAN Manager hash values on next password changes

Windows stores LAN Manager (LM) password hashes in the local Security Accounts Manager (SAM) database. These LM hashes are weak and can be easily decrypted to their clear-text format by attackers. To avoid this, prevent Windows from storing LM hashes by enabling the Network security: Do not store LAN Manager hash value on next password change policy.Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options