Forcing NTLM on IISWebsite

1) Go to IISManager and find the identifier for your Web Site. Click on the web sites folder in IISManager and on the left side you should get the list of web sites and their identifier

(2) Open a command prompt and runt the following 3 commands. Change the <identifier> with the identifier value found in the previous step
cd c:\inetpub\adminscripts
cscript adsutil.vbs set w3svc/ <identifier>/ root/NTAuthenticationProviders "NTLM"
iisreset

 

NOTE:

(1) if you want to set NTLM at a virtual direcotry level then use the below command and replace <virtualdirectoryname> with the virutal directory name
cscript adsutil.vbs set w3svc/<identifier>/root/ <virtualdirectoryname>/ NTAuthenticationProviders "NTLM"

(2) To revert back to Kerberos use "Negotiate,NTLM" as the parameter

(3) To check what is currently set use the below commands
cscript adsutil.vbs get w3svc/ <identifier>/ root/NTAuthenticationProviders
cscript adsutil.vbs get w3svc/<identifier>/root/ <virtualdirectoryname>/ NTAuthenticationProviders

Comments

• Anonymous
  May 27, 2008
  Role Center Security Forcing NTLM http://blogs.msdn.com/solutions/archive/2008/05/28/forcing-ntlm-on-iiswebsite.aspx

• Anonymous
  June 24, 2008
  If the Virtual directory has a space or two in it the last command will not work even if you put (") around it. SharePoint - 80 as the virtual directory is seen as multiple args: cscript adsutil.vbs get w3svc/552499128/root/SharePoint - 80/NTAuthenticationProviders or "w3svc/552499128/root/SharePoint - 80/NTAuthenticationProviders" will not work

• Anonymous
  July 31, 2008
  You should use the id and not the description of the web site