The LanMan authentication level set to send NTLMv2 response only, and to refuse LM and NTLM.

    Question

  • Hello,

    I am trying to configure the following rule 

    According to Rule, set "Send NTLMv2 response only. Refuse LM & NTLM" (Level 5) on the server. Now the server will refuse NTLM authentication which is less.

    I changed the setting on the server

    To configure this rule, set "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: LAN Manager authentication level" to "Send NTLMv2 response only. Refuse LM & NTLM".

    And on the client I changed the setting to send LM & NTLM only.

    To check whether the server is refusing the authentication of LM & NTLM or not, I reset the password of one user and after that tried to log on on that client.

    But the client is allowing login with the new password.

    Can anyone suggest why this rule is not working for me?

    Thanks

    Wednesday, October 19, 2016 9:43 PM

Answers

  • what version Windows Server?

    what version Windows client?

    (it's probably new version Windows, so probably is using KRB and not using NTLM at all... ??)


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by vijay a singh Thursday, October 20, 2016 2:59 PM
    Thursday, October 20, 2016 8:32 AM

All replies

  • Hi,
    First of all, please make sure that the GPO is applied successfully to the servers, you could run gpresult /r command to view it.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 20, 2016 7:01 AM
    Moderator
  • Hi,

    Thanks for the reply.

    Windows Server version 2012 r2

    Windows client version 2012 r2.

    It's working in only one scenario, i.e. set "NTLMv2 response only. Refuse LM & NTLM" (Level 5) on the server and on the client set "send LM & NTLM only".

    After doing this, the server is not allowing login through remote and is not accepting the password. If we change the setting on the client to NTLMv2 response only, then it allows login.


    Thursday, October 20, 2016 3:08 PM
  • Hi,
    I appreciate your update and sharing.
    Best regards,
    Wendy


    Monday, October 24, 2016 2:42 AM
    Moderator
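
The two checks suggested in the replies (is the policy actually in effect, and is the logon using Kerberos rather than NTLM) can be made directly on the server. The following is an added example, not code from any poster in this thread; it assumes an elevated PowerShell session, that logon auditing is enabled so event 4624 is recorded, and the 200-event window is an arbitrary choice.

```powershell
# Added example: run in an elevated PowerShell session on the server being tested.
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

# 1. Effective value behind "Network security: LAN Manager authentication level".
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
if ($null -eq $lsa) {
    # Value absent: the OS default applies (level 3 on Windows Vista / Server 2008 and later).
    Write-Output 'LmCompatibilityLevel is not set; the OS default is in effect.'
} else {
    $level = [int]$lsa.LmCompatibilityLevel
    Write-Output ('LmCompatibilityLevel = {0} ({1})' -f $level, $levels[$level])
}

# 2. Which protocol recent network (3) and RDP (10) logons really used.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                       -MaxEvents 200 -ErrorAction SilentlyContinue
$events | ForEach-Object {
    # Flatten the event's named EventData fields into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = $data['LogonType']
        Package   = $data['AuthenticationPackageName']   # Kerberos, NTLM or Negotiate
        NtlmVer   = $data['LmPackageName']               # filled in for NTLM logons only
        Source    = $data['IpAddress']
    }
} | Where-Object { $_.LogonType -in '3', '10' } |
    Sort-Object Time -Descending | Format-Table -AutoSize
```

A row whose Package is Kerberos was never subject to the LAN Manager authentication level, so a successful logon there says nothing about whether the rule works. Only rows with Package NTLM are relevant, and their NtlmVer column shows which NTLM version the server accepted.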