Share via

Enabling "Send NTLMv2 Response only. Refuse LM & NTLM" Settings in Domain Controllers

Russell Ang 66 Reputation points
2022-10-10T03:34:30.113+00:00

Hi All,

Could you help to advise on below GPO setting. What will be the impact after enable this setting?

Enabling "Send NTLMv2 Response only. Refuse LM & NTLM" Settings in Domain Controllers

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,613 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,436 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,245 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,511 Reputation points
    2022-10-10T14:45:00.933+00:00

    Hi,

    The following link outlines the different options for this GPO:

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

    Here's what it says:

    Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they'll accept only NTLMv2 authentication.

    --------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--