Allow connection fallback to NTLM

Tathagata Bhattacharya 125 Reputation points
2024-05-16T12:12:08.5166667+00:00

Hi,

Presently in our environment "Allow connection fallback to NTLM" is enabled and we are getting a notification stating it can be a security risk.

Can you please recommend if we should leave it enabled or we should disable it?

Thank you.

Microsoft Configuration Manager Deployment

Accepted answer
  1. Marcin Policht 15,455 Reputation points MVP
    2024-05-16T12:29:53.6433333+00:00

    If you disable it, you risk breaking your workloads that do not support Kerberos.

    Rather than disabling it, you should track the usage of NTLM in your environment and address it proactively.

    Details at https://4sysops.com/archives/auditing-and-restricting-ntlm-authentication-using-group-policy/


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


1 additional answer

  1. Mike Berry 1 Reputation point
    2024-06-10T12:57:37.0666667+00:00

    I'm getting the same notification but definitely don't have this enabled. I have 4 primary sites where this has been disabled for a loooong time, and yet this notification is appearing at console-launch. Anybody seen that before?