Disable Microsoft Windows LM / NTLMv1 Authentication

How can I disable Microsoft Windows LM / NTLMv1 Authentication  on all the computers in my domain?

I'm hoping this is a group policy.
Who is Participating?
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
You could disable NTLMV1 by by changed the value to 5 for:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to 5.

You could also create a GPO to disable LM as per link below:


Even with all of this, password hashes are stored in LM hash in memory if password is 14 characters or less.  Refer to this link below for more information:

JohnBusiness Consultant (Owner)Commented:
Here is the Microsoft Knowledgebase article for NTLM 2 authentication.


I set my LSA registry key value to allow access between my old virtual machines and my Windows 8 machine.

Why do you wish to disable it?  I cannot think of any need and I am not sure it is a good idea.
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Also note that you cannot disable LM or NTLM1 if there computers older than XP for workstations and NT for servers.
TRTurnerAuthor Commented:
Thanks for the heads up
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.