Jump to content

GPO Settings NTLM


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Recommended Posts

As NTLM is vulnerable it is best to disable it. However is the option 1 (DC Setting) below as secure as the option 2 (Local Server Setting)?

I would like to go with option 1 because of the possible exception list but I am not sure if it gives the same security level as option 2? 

 

Any Idea? 

 

1) Restrict NTLM: NTLM authentication in this domain -> Deny for domain accounts to domain servers (Allow exception list) 

2) Network security: Restrict NTLM: Incoming NTLM traffic -> Deny all domain accounts

 

Thanks for any help. 

Link to post

Hi, Microsoft recommends to set the following item

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security\LAN Manager authentication level
to the following value: Send NTLMv2 response only. Refuse LM & NTLM

Link to post
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...