Hi JerryDevore
The environment has around 500 servers, most 2016 R2 and some 2022. We have around 2,000 workstations, most being W10, 11.
My questions are:
1 - Is an order like the one below correct?
- First, client computers
- Then member servers
- Finally domain controllers
Workflow:
- First, create a test GPO (Send NTLMv2 response only) and deploy it to test client devices. Then watch it for a while and, if no problems are found, deploy it to other computer objects.
- Then deploy the GPO to test servers. Then watch it for a while and, if no problems are found, deploy it to other server objects.
- Finally, on the Default Domain Controllers Policy, set the "Send NTLMv2 response only. Refuse LM & NTLM" policy.
What kind of a road map should I follow?
2 - I have an NTLMv1 log record on the DC for a Windows Server 2019 OS named srv1. AFAIK, the 2019 OS supports NTLMv2. Why is the NTLMv1 log record coming here? What needs to be looked at here on the server? How to remediate?
Event ID 4624 on DC
timeCreated : 1/17/2025 10:30:03AM
Account Name : srv01$
Account Domain : contoso
Logon Type : 3
Workstation Name : srv01
Source Network Address : x.x.x.x
3 - If I immediately set the Default Domain Policy and Default Domain Controllers Policy to level 4 (send NTLMv2 response only, refuse LM), does it make sense?
Can you write me a workflow?