Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


NTLMv1 and NTLMv2

Posted on 2006-04-18
Medium Priority
Last Modified: 2012-05-05
I have an application that uses only NTLMv1 for LDAP and AD integration, is there a way to make sure that our domain controller is using NTLMv1?  

I also need to configure settings on my server so I can find out if this is the problem but I am not sure how.  This is what the software vendor sent me.. - you need to configure the server / active directory to Audit one of the following errors: Login Errors / NTLM errors / Domain or AD errors.

Question by:mwebb_sdmc
  • 3
LVL 23

Expert Comment

ID: 16477724
You can set your domain controllers in the GPMC for the Default domain controller policy.

The setting is:

Computer Config >> Windows Settings >> Security Settings >> Security Options >> Network Security:  LAN Manager authentication level

You can set it to something like - Accept LM and NTLM - use NTLMv2 when negotiated

See here as well:  http://support.microsoft.com/kb/823659  (look at item #10 about that setting...it's got a lot of information)
LVL 23

Expert Comment

ID: 16477734
Oh...also for the "auditing", in that same Security Options GP area, the audit policy should have auditing for success/failure for logon events.  That would tell you if they are failing to logon due to NTLM.

Author Comment

ID: 16477772
Is this gpmc different from the default domain controller security settings?  I changed it in there?

LVL 23

Accepted Solution

TheCleaner earned 2000 total points
ID: 16478409
the GPMC is the Group Policy Management Console.  Easier to administer and get around in.

You can download it here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

Then you change the "Default domain controller policy"

(and yes, it's the same as what you saw in the default domain controller security settings)

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Integration Management Part 2
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question