Restricting NTLM usage
Updated: November 21, 2012
Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
This topic links to information that describes the tasks you need to perform to restrict NTLM usage in your operating environment. Specific Group Policies and security policies that were introduced in Windows Server 2008 R2 and Windows 7 allow you to restrict NTLM traffic between client computers, remote servers, member servers, and domain controllers.
Discovering and auditing the current state of NTLM authentication traffic is necessary before the “Restrict NTLM” security policies are implemented. For information about how to assess NTLM authentication traffic, see Assessing NTLM usage in this guide.
The three points at which to restrict NTLM traffic are:
NTLM traffic within a domain from a domain controller
NTLM traffic outbound from a remote server
NTLM traffic from a client computer to a connected remote server
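Before tightening any of these three points, it helps to see what the audit and restrict policies are currently set to on the computer in question. The following PowerShell is an added example, not part of this topic; it assumes the Restrict NTLM policies are stored under the Lsa and Lsa\MSV1_0 registry keys and value names listed in its comments, and that it is run on the computer whose role (client, remote server, or domain controller) you are checking.

```powershell
# Added example: report the Restrict NTLM audit/restrict state at the three points.
# Assumed storage (not stated in this topic):
#   HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
#     RestrictSendingNTLMTraffic    outgoing NTLM, client -> remote server
#     RestrictReceivingNTLMTraffic  incoming NTLM on a remote/member server
#     AuditReceivingNTLMTraffic     audit incoming NTLM on a server
#     ClientAllowedNTLMServers      server exceptions for outgoing NTLM (multi-string)
#   HKLM:\SYSTEM\CurrentControlSet\Control\Lsa
#     RestrictNTLMInDomain / AuditNTLMInDomain   domain controller scope
#     DCAllowedNTLMServers                       server exceptions on the DC
function Get-NtlmRestrictionState {
    $msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Returns $null when the value is absent, i.e. the policy is "Not Defined"
    # and the default (NTLM allowed, no auditing) is in effect.
    function Read-Value($path, $name) {
        (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    }
    function Decode($map, $v) {
        if ($null -eq $v) { 'Not defined (default: allow)' }
        elseif ($map.ContainsKey([int]$v)) { $map[[int]$v] }
        else { "Unknown value ($v)" }
    }

    $outgoing = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }
    $incoming = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' }
    $auditIn  = @{ 0 = 'Disable'; 1 = 'Audit domain accounts'; 2 = 'Audit all accounts' }
    $inDomain = @{ 0 = 'Disable'; 1 = 'Deny domain accounts to domain servers';
                   3 = 'Deny domain accounts'; 5 = 'Deny domain servers'; 7 = 'Deny all' }
    $auditDom = @{ 0 = 'Disable'; 1 = 'Audit domain accounts to domain servers';
                   3 = 'Audit domain accounts'; 5 = 'Audit domain servers'; 7 = 'Audit all' }

    [pscustomobject]@{
        'Client -> remote server (outgoing)' = Decode $outgoing (Read-Value $msv 'RestrictSendingNTLMTraffic')
        'Remote server (incoming)'           = Decode $incoming (Read-Value $msv 'RestrictReceivingNTLMTraffic')
        'Remote server audit (incoming)'     = Decode $auditIn  (Read-Value $msv 'AuditReceivingNTLMTraffic')
        'Domain controller (in domain)'      = Decode $inDomain (Read-Value $lsa 'RestrictNTLMInDomain')
        'Domain controller audit'            = Decode $auditDom (Read-Value $lsa 'AuditNTLMInDomain')
        'Client server exceptions'           = (Read-Value $msv 'ClientAllowedNTLMServers') -join ', '
        'DC server exceptions'               = (Read-Value $lsa 'DCAllowedNTLMServers') -join ', '
    }
}

Get-NtlmRestrictionState | Format-List
```

Run it on a representative client, member server, and domain controller to confirm every point is in an audit setting (and that the audit events have been reviewed) before switching any of them to a deny setting.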
Configuring server exceptions to allow NTLM
This topic describes why and how to configure the two security policies that permit NTLM authentication for servers you have identified as acceptable exceptions.
Using security policies to restrict NTLM traffic
This navigational topic lists the available Group Policies and security policies that can be used to restrict NTLM traffic in your system and domain.