What is the default LmCompatibilityLevel for Windows Server 2012, 2016 and 2019?

Question

What is the default LmCompatibilityLevel applied to Windows Server 2012, 2016 and 2019 if it is not explicitly set in the registry at HKLM\SYSTEM\CurrentControlSet\Control\Lsa?

https://social.msdn.microsoft.com/Forums/en-US/41ed0ba1-6a0f-4d5d-87de-401082a10a0c/what-is-the-default-level-setting-for-ntlmv2-for-different-windows-editions?forum=os_windowsprotocols suggests it should be 3 as Windows Server 2008 r2 is stated to use 3 (by Microsoft employee). However it would be useful to have it spelt out explicitly for Windows Server 2012, 2016 and 2019.

Thanks!

Answer 1

Hi @John Busch •

By default , the LM and ntlmv1 is not disabled so the value is 3 which accept LM and NTLMv1 and use NTLMV2 if the server support it.

You have to use GPO or registry key ,if you want disable NTLMv1 and LM (the value 4 or 5) .

Please don't forget to mark helpful answer as accepted

Answer 2

Hello there,

The default level value for LmCompatibilityLevel for each version of Windows is as follows:

Windows XP: 0 Windows 2003: 2 Vista/2008 3 Win7/2008 R2 3

Since 2019 is after 2008, the default value for Windows Server 2012 should also be 3.

Increasing the LMCompatibilityLevelabove 3 on a client will make no difference, but it can be lowered if there is a need to communicate with very old servers.

Similar discussion here https://learn.microsoft.com/en-us/answers/questions/1091231/what-is-the-defualt-lan-manager-authentication-lev

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--