techcoor-9538 asked

How does one disable NTLM in Windows Server 2019?

dcdiag gives:

Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.


NTLM is a weaker authentication mechanism. Please check:

    Which applications are using NTLM authentication?
    Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
    If NTLM must be supported, is Extended Protection configured?

Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

If I look up how to disable online I get something that looks like

https://techdirectarchive.com/2020/04/01/how-to-prevent-ntlm-credentials-from-being-sent-to-remote-servers-2/

I do not see the same settings in Windows Server 2019.


DSPatrick answered

You can follow along here.
http://woshub.com/disable-ntlm-authentication-windows/

--please don't forget to Accept as answer if the reply is helpful--



techcoor-9538 answered

If I use your link, Microsoft Edge will block it. I will substitute "Your link".

Your link gives wrong location. You
Your link says “Open the Group Policy Management Editor (gpmc.msc) and edit the Default Domain Policy.” The correct location is Default Domain Controllers Policy.

The way I reached the location is by Forest, Domains, domain name, Group Policy Objects. Right-click Default Domain Controllers Policy and select Edit. Now I can go select Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Security Options as shown in Your link. Then I can set LAN Manager authentication level to "Send NTLMv2 response only. Refuse LM & NTLM" as well as the other settings listed.

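An added example, not part of any post above and not Microsoft's own script: a PowerShell check to run on the domain controller after the policy has applied. It reads the LmCompatibilityLevel registry value behind the LAN Manager authentication level setting and summarises which accounts and workstations still log on with NTLM, which is the first question the event text asks. The function names, the 24-hour window and the event cap are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# The 24-hour window and 5000-event cap are assumptions; adjust to your log volume.

# Labels of "Network security: LAN Manager authentication level", indexed by registry value.
$levels = @(
    'Send LM & NTLM responses',
    'Send LM & NTLM - use NTLMv2 session security if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only. Refuse LM',
    'Send NTLMv2 response only. Refuse LM & NTLM'
)

function Get-LmCompatibilityLevel {
    # The policy is stored as LmCompatibilityLevel under the Lsa key.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = $lsa.LmCompatibilityLevel
    if ($null -eq $value) {
        return [pscustomobject]@{ Value = $null; Setting = 'Not defined (OS default applies)' }
    }
    [pscustomobject]@{ Value = $value; Setting = $levels[$value] }
}

function Get-NtlmLogonSummary {
    param([int]$Hours = 24, [int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Turn the event's named <Data> fields into a hashtable.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data.AuthenticationPackageName -eq 'NTLM') {
                [pscustomobject]@{
                    Version     = $data.LmPackageName      # 'NTLM V1' or 'NTLM V2'
                    Account     = $data.TargetUserName
                    Workstation = $data.WorkstationName
                    SourceIp    = $data.IpAddress
                }
            }
        } |
        Group-Object Version, Account, Workstation, SourceIp |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-LmCompatibilityLevel
Get-NtlmLogonSummary | Format-Table -AutoSize
```

At level 5 the domain controller refuses LM and NTLMv1 but still accepts NTLMv2, so rows with Version 'NTLM V2' will keep appearing. Rows with 'NTLM V1' identify the clients that stop authenticating under that setting.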