
Disable NTLM Windows Server 2008 R2 DC

dur2348 asked
Last Modified: 2012-06-16
I would like to disable NTLM on a Domain Controller running Windows Server 2008 R2 and propagate that to the workstations in the domain which are running Windows 7 so I can use a scanner that uses SMB to send scans to the server and various workstations.  I would like to do this through DC group policy if possible.  I would appreciate any help in doing this.  

Gary Coltharp, Sr. Systems Engineer

Commented:
You could try configuring a group policy that enables the following:

Computer Configuration>Policies>Windows Settings>Security Settings>Security Options
       Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients
       Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers

Define the settings and enable minimum NTLMv2

Don't forget to gpupdate the server and then reboot the clients.

Hope this helps.
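
To check on a given server or workstation whether the two "Minimum session security for NTLM SSP based" policies named in the answer above have actually applied, this added example (not part of the original post) reads the registry values that back those settings and decodes their flags. It assumes it is run locally in PowerShell on the machine being checked, after the policy refresh.

```powershell
# Added example: show the effective minimum NTLM session security on this machine.
# The two policies are stored as DWORD bit masks under the MSV1_0 key.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Check boxes offered by the policy dialog and the bit each one sets
$flags = @(
    @{ Name = 'Require NTLMv2 session security'; Bit = 0x00080000 },
    @{ Name = 'Require 128-bit encryption';      Bit = 0x20000000 }
)

# NtlmMinClientSec = "... clients" policy, NtlmMinServerSec = "... servers" policy
foreach ($name in 'NtlmMinClientSec', 'NtlmMinServerSec') {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output ("{0}: value not present" -f $name)
        continue
    }

    $value = $prop.$name

    # Collect the names of the requirements whose bit is set in the stored value
    $set = @($flags | Where-Object { $value -band $_.Bit } | ForEach-Object { $_.Name })
    if ($set.Count -eq 0) { $set = @('no minimum') }

    Write-Output ("{0} = 0x{1:X8}: {2}" -f $name, $value, ($set -join ', '))
}
```

A line ending in "no minimum" means the policy has not taken effect on that machine, whatever the Group Policy editor shows.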

Author

Commented:
Tried above.  Have attached view of server.  Still could not use scanner that uses SMB.  I found solution to this problem on another website--and solution was to turn off NTLM in DC group policy.  I am open to all suggestions on any alternative way to allow legacy Ricoh scanner to scan to Windows 7 machines and Windows Server 2008 R2.  
GP.pdf
Gary Coltharp, Sr. Systems Engineer

Commented:
The pdf shows no minimum... you have to click the minimum of NTLM v2...which is different than NTLM.

This will force legacy NTLM to be ignored.

Author

Commented:
I have choices as shown and selected.  Just wanted to clarify if I am understanding correctly.  Thanks for your help.
GP2.pdf
Gary Coltharp, Sr. Systems Engineer

Commented:
Yes, that looks better. Now it shows minimum NTLM v2

Author

Commented:
Still cannot use scanner.  It sees computers but cannot communicate with them.  I have set up old XP machine and scanner had no problem sending images to that computer.  Would appreciate any other ideas on actually disabling NTLM--if that is possible.  Thanks again for your help.
Gary Coltharp, Sr. Systems Engineer

Commented:
You are certain the issue is related to NTLM? You have firewall disabled?

Author

Commented:
Yes, firewall is disabled.  Scanner scans to XP machines and Linux machines, but will not scan to Windows 7 or Windows 2008 R2 server.  All information I can find regarding the scanner indicates NTLM is the issue.  
Commented:
Was never able to solve this issue.  Finally set up XP machine to scan to.  At some point, we will probably replace legacy scanner; until then will use XP machine.

Author

Commented:
None of the proposed solutions solved my problem.  I eventually just put an XP machine up to handle legacy situation with older document center machine.