Enabling "Send NTLMv2 Response only. Refuse LM & NTLM" Settings in Domain Controllers

Russell Ang 66 Reputation points
2022-10-10T03:34:30.113+00:00

Hi All,

Could you help to advise on below GPO setting. What will be the impact after enable this setting?

Enabling "Send NTLMv2 Response only. Refuse LM & NTLM" Settings in Domain Controllers

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,501 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,400 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,263 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,975 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,416 Reputation points
    2022-10-10T14:45:00.933+00:00

    Hi,

    The following link outlines the different options for this GPO:

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

    Here's what it says:

    Client devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they'll accept only NTLMv2 authentication.

    --------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--