Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,503 questions
Final check before Fully Block NTLM for all Domain
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 87%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Namless Shelter
231
Reputation points
Dear PPL,
I would like to set our Default Domain Policy "Restrict NTLM: Incoming NTLM Traffic" to Deny All Accounts.
Before I do it, I have enabled Auditing Logs, can see some devices or services are still using NTLM, for example, Win10 devices, Palo UserID Agent, some LDAP queries from OP Manager etc..
My concern now is: there is no way disabling NTLM will break:
Microsoft HyperV Failover Cluster, DFS or User Based 802.1x Wifi etc?
Also, how can add third party servers or services to be exclusion to still be able to use NTLMv2? I dont see a way to add IP address?
Thanks a lot,
Larry