Establish an NTLM SSP by default during authentication

georg maister 0 Reputation points
2023-01-28T11:39:26.24+00:00

Problem: how to establish an SSP in the NTLM protocol mandatory, without the possibility of disabling it on the receiving side(server).

Where and what parameters need to configure? Is it in Group Policy or Registry? My team didn't find it.
The parameters known to me, such as "Minimum session security for NTLMSSP based (including secure RPC) servers" and "Minimal session security for NTLM SSP based (including secure RPC) clients", do not make the use of SSP mandatory, because we can disable it for example with the help of the linux program "responder" and the "—lm" or "—disable-ess" key.

I will be very grateful for your help!

Thank you!

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,850 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,720 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JimmySalian-2011 41,916 Reputation points
    2023-01-28T14:28:50.2733333+00:00

    Hi,

    Please check this process over here and you can deploy via the GPO make sure all the settings are enabled as per the article and legacy clients will be impacted so if you have any old OS it will be impacted so please test out before you implement - https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments