How to enable NTLM authentication in Windows 2016 Server?
NT LAN Manager (including LM, NTLM v1, v2, and NTLM2) is enabled and active in Server 2016 by default, as it's still used for local logon (on non-domain controllers) and workgroup logon authentication in Server 2016.
You can restrict and/or disable NTLM authentication via Group Policy. It's located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, and the options are listed as "Network Security: Restrict NTLM:". There are seven options that are fairly self-explanatory.
I strongly recommend against relying on NTLM security, as even NTLM2 is weak and relatively easy to crack. If possible, it should be disabled on servers in modern Active Directory environments.
More Details: https://docs.microsoft.com/en-us/windows-server/security/kerberos/ntlm-overview
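To see which of the "Network Security: Restrict NTLM:" settings are actually in effect on a server, whichever GPO delivered them, the registry values behind those policies can be read directly. The script below is an added example, not part of the original answer; it covers the five restrict and audit settings (not the two exception lists) and is meant to be run in an elevated PowerShell session on the server being checked.

```powershell
# Added example (not from the original answer): report the effective
# "Network security: Restrict NTLM" settings from the registry values behind them.
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Value meanings for the two domain-wide (domain controller) policies.
$domainDeny  = @{ 0 = 'Disable'; 1 = 'Deny for domain accounts to domain servers'
                  3 = 'Deny for domain accounts'; 5 = 'Deny for domain servers'; 7 = 'Deny all' }
$domainAudit = @{ 0 = 'Disable'; 1 = 'Enable for domain accounts to domain servers'
                  3 = 'Enable for domain accounts'; 5 = 'Enable for domain servers'; 7 = 'Enable all' }

# Policy label, backing value, value meanings, and which values block NTLM.
$policies = @(
    @{ Policy = 'Incoming NTLM traffic'; Path = $lsa; Name = 'RestrictReceivingNTLMTraffic'
       Map = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' }; Deny = @(1, 2) }
    @{ Policy = 'Outgoing NTLM traffic to remote servers'; Path = $lsa; Name = 'RestrictSendingNTLMTraffic'
       Map = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }; Deny = @(2) }
    @{ Policy = 'NTLM authentication in this domain'; Path = $netlogon; Name = 'RestrictNTLMInDomain'
       Map = $domainDeny; Deny = @(1, 3, 5, 7) }
    @{ Policy = 'Audit Incoming NTLM Traffic'; Path = $lsa; Name = 'AuditReceivingNTLMTraffic'
       Map = @{ 0 = 'Disable'; 1 = 'Enable auditing for domain accounts'
                2 = 'Enable auditing for all accounts' }; Deny = @() }
    @{ Policy = 'Audit NTLM authentication in this domain'; Path = $netlogon; Name = 'AuditNTLMInDomain'
       Map = $domainAudit; Deny = @() }
)

$report = foreach ($p in $policies) {
    # A missing value means the policy is not configured, which leaves NTLM unrestricted.
    $raw = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($null -eq $raw) {
        $setting = 'Not configured'
    } elseif ($p.Map.ContainsKey([int]$raw)) {
        $setting = $p.Map[[int]$raw]
    } else {
        $setting = "Unrecognized value $raw"
    }
    [pscustomobject]@{
        Policy     = $p.Policy
        Value      = $raw
        Setting    = $setting
        BlocksNTLM = ($null -ne $raw -and $p.Deny -contains [int]$raw)
    }
}

$report | Format-Table -AutoSize -Wrap
```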
SnowStorm
Updated on September 18, 2022
Comments
- SnowStorm (over 1 year): I have a Windows 2016 server with Active Directory that is also a domain controller, and apparently NTLM authentication is disabled. How can I enable NTLM authentication?
- SnowStorm (over 5 years): I can't find it in that path
- Alex (over 5 years): What functional level is your domain?
- SnowStorm (over 5 years): Windows Server 2016
- Alex (over 5 years): Are you using Group Policy Management or are you using secpol? Here is a screenshot of the settings: rootusers.com/wp-content/uploads/2017/03/…
- SnowStorm (over 5 years): I'm using Group Policy Management and my settings are the same as your screenshot