NTLMv1 and NTLMv2

Posted on 2006-04-18
Last Modified: 2012-05-05
I have an application that uses only NTLMv1 for LDAP and AD integration, is there a way to make sure that our domain controller is using NTLMv1?  

I also need to configure settings on my server so I can find out if this is the problem but I am not sure how.  This is what the software vendor sent me.. - you need to configure the server / active directory to Audit one of the following errors: Login Errors / NTLM errors / Domain or AD errors.

Question by:mwebb_sdmc
    LVL 23

    Expert Comment

    You can set your domain controllers in the GPMC for the Default domain controller policy.

    The setting is:

    Computer Config >> Windows Settings >> Security Settings >> Security Options >> Network Security:  LAN Manager authentication level

    You can set it to something like - Accept LM and NTLM - use NTLMv2 when negotiated

    See here as well:  (look at item #10 about that's got a lot of information)
    LVL 23

    Expert Comment

    Oh...also for the "auditing", in that same Security Options GP area, the audit policy should have auditing for success/failure for logon events.  That would tell you if they are failing to logon due to NTLM.

    Author Comment

    Is this gpmc different from the default domain controller security settings?  I changed it in there?

    LVL 23

    Accepted Solution

    the GPMC is the Group Policy Management Console.  Easier to administer and get around in.

    You can download it here:

    Then you change the "Default domain controller policy"

    (and yes, it's the same as what you saw in the default domain controller security settings)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
    by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now