If the registry item lmcompatibilitylevel in HKLM\System\CurrentControlSet\Control\Lsa does not exist, when I look at the local policy Network Security: LAN Manager authentication level, it shows 'Not Defined' in the policy editor, and blank in the property page.

I've been combing the Microsoft documentation for some inkling of what the setting means, but the documentation is both unclear and somewhat contradictory.

In the current version of the policy documentation is the following statement:

In Windows 7 and Windows Vista, this setting is undefined. In Windows Server 2008 R2 and later, this setting is configured to Send NTLMv2 responses only.

I read 'setting is configured' to mean that this is EXPLICITLY set to this setting (lmcompatibilitylevel = 3).

In the Server 2012 and Server 2012 R2 version of the policy documentation are the following statements:

In Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, the default is Send NTLMv2 response only.

Later in that same document:

In Windows 7 and Windows Vista, this setting is undefined. In Windows Server 2008 R2 and Windows Server 2008 this setting is configured to Send NTLMv2 responses only.

The first statement implies that this is the default, but the second (like the current doc) suggests that it is EXPLICITLY set (configured).

Given the way these statements are worded, I'm not sure what the actual value is, and I'm hoping this esteemed community can set me right. What is the default value for lmcompatibilitylevel in this case for Server 2012 and newer?

Stuggi
jfbradfo

0 Answers