Force anonymous authentication to use NTLM v2 rather than NTLM v1?

Question

I already started changing my applications that use NTLM v1 in the authentication for NTLM v2.

I still have several event IDs in my DCs that show sessiom NULL with anonymous accounts. after troubleshooting I found that the sessions are done by remote Windows services in my LAN particularly Windows 2008 and less.

The authentication package that is used in those sessions is NTLM V1 like event ID 4624 (Microsoft windows Security Auditing)

Is it possible to force the NTLM V2 rather than NTLM V1 for those anonymous authentication used by Windows services?

score 1 · Answer 1 · edited Apr 13 '17 at 12:13

1

I think if you look at this answered question, that you will see how to disable NTLMv1 connections and that should force the connection to be over NTLMv2

edited Apr 13 '17 at 12:13

Community

1

answered Dec 09 '16 at 22:00

Rowan Hawkins

590
2
18

score 0 · Answer 2 · answered Dec 09 '16 at 23:48

0

Here are all the possible settings and the ramifications of each. https://markgamache.blogspot.com/2013/01/ntlm-challenge-response-is-100-broken.html

answered Dec 09 '16 at 23:48

markgamache

195
4

Force anonymous authentication to use NTLM v2 rather than NTLM v1?

2 Answers2