LAN Manager authentication level Default Value for Windows 10 and Windows 11 client Machines.

raj a 236 Reputation points
2024-04-09T20:04:26.0666667+00:00

Hello,

In my Active Directory Domain environment, I have Windows 10 and Windows 11 client machines.

These machines do not have the "Network security: LAN Manager authentication level" configured.

I want to understand the default value that my Windows 10 and 11 systems will use when authenticating using the NTLM protocol.

- Send LM & NTLM responses
- Send LM & NTLM - use NTLMv2 session security if negotiated
- Send NTLM responses only
- Send NTLMv2 responses only
- Send NTLMv2 responses only. Refuse LM
- Send NTLMv2 responses only. Refuse LM & NTLM

Thanks Much.

Regards,

Raj


1 answer

  1. Daisy Zhou 18,706 Reputation points Microsoft Vendor
    2024-04-10T07:27:09.7733333+00:00

    Hello raj a,

    Thank you for posting in Q&A forum.

    Based on the two similar threads below:
    https://learn.microsoft.com/en-us/answers/questions/1091231/what-is-the-defualt-lan-manager-authentication-lev

    https://learn.microsoft.com/en-us/archive/msdn-technet-forums/41ed0ba1-6a0f-4d5d-87de-401082a10a0c

    And the default setting on DCs, member servers and stand-alone servers, it seems the default setting on Win 10 and Win 11 is Send NTLMv2 response only (Registry security level is 3).

    Stand-Alone Server Default Settings:
    Send NTLMv2 response only
    DC Effective Default Settings:
    Send NTLMv2 response only
    Member Server Effective Default Settings:
    Send NTLMv2 response only

    Other reference:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

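
To confirm what a particular client is using rather than inferring it, the level can be read from the registry. The script below is an added example, not part of the original thread. It assumes the standard `LmCompatibilityLevel` value under the `Lsa` key, maps levels 0 to 5 to the six options in the order the question lists them, and treats an absent value as level 3, the default given in the answer; the function name `Get-LmAuthLevel` is hypothetical.

```powershell
# Added example: report the LAN Manager authentication level in effect on this machine.
$lsaKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$defaultLevel = 3   # assumption: default stated in the answer above (Send NTLMv2 response only)

# Registry level -> policy option, in the order listed in the question.
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    # Returns $null when the value does not exist, i.e. the policy is not configured.
    $prop = Get-ItemProperty -Path $lsaKey -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        $level  = $defaultLevel
        $source = 'not configured (OS default assumed)'
    } else {
        $level  = [int]$prop.LmCompatibilityLevel
        $source = 'registry (local or Group Policy)'
    }

    $setting = if ($levels.ContainsKey($level)) { $levels[$level] } else { 'unknown value' }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Level           = $level
        Setting         = $setting
        Source          = $source
        # Levels 0-2 let the client send LM or NTLM (v1) responses; flag them for review.
        SendsLMorNTLMv1 = ($level -lt 3)
    }
}

Get-LmAuthLevel | Format-List
```

A `Source` of "not configured" means no local or domain policy has written the value, which matches the situation described in the question.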