Microsoft
MicrosoftHi MaxC0der88
Question #1 - The OSs you mention are set to level 3 (Send NTLMv2 response only) by default which would configure them to only request NTLMv2 outbound but accepted NTLMv1 inbound. To ensure there is no configuration drift you could use a policy to enforce level 3 on the client and member servers (order is not important). Once that is done use the 4624 events to confirm all NTLM authentication are using v2. In the final configure all devices including domain controllers to level 5 to completely disable NTLMv1 in the domain.
Question #2 - The example you provided is missing the"Package Name" field which indicates the NTLM version. If it is actually resulting in the use of NTLMv1 I would verify that SRV01 is not set to a lmcompatibility value lower than 3
Question #3 - If you set the DCs to level 4 it will still accepted NTLMv1 authentications so yes that will not break anything. Once all domain joined devcies are set to a minimum of level 3 you can safely set the DCs to level 5.