Forum Discussion
Use only Kerberos, disable NTLMv2
Hi everyone, In order to fix a security breach "Microsoft ADV210003: Mitigating NTLM Relay Attacks" I would like to disable the NTLM completely and to be sure to avoid impact I decide to audit the l...
The order will be governed by the client, not the server. So, if the client first tries NTLM then all the server can do is reject it (based on your GPO configuration), after which the client should try something else - Kerberos, in this instance. Setting the GPO doesn't imply an order.
The GPO setting only controls whether or not NTLM is accepted, not in which order protocols are attempted. That comes down to the application/component/whatever itself and factors such as whether it's working off operating system providers or its own implementation, etc.
- Hi,
Thank you very much for the clarification. It's now clear 🙂
Regards,
Bernard
