Jump to content

Recommended Posts

As NTLM is vulnerable it is best to disable it. However is the option 1 (DC Setting) below as secure as the option 2 (Local Server Setting)?

I would like to go with option 1 because of the possible exception list but I am not sure if it gives the same security level as option 2? 

 

Any Idea? 

 

1) Restrict NTLM: NTLM authentication in this domain -> Deny for domain accounts to domain servers (Allow exception list) 

2) Network security: Restrict NTLM: Incoming NTLM traffic -> Deny all domain accounts

 

Thanks for any help. 

Share this post


Link to post

Hi, Microsoft recommends to set the following item

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security\LAN Manager authentication level
to the following value: Send NTLMv2 response only. Refuse LM & NTLM

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


Werbepartner:



×
×
  • Create New...