Enabling Only the Most Secure Version of Integrated Windows Authentication
If you use Integrated Windows authentication and the client computers connecting to your Web server use Microsoft Windows 2000, or Microsoft Windows NT 4.0 Service Pack 3 or later, you can configure your Web server to use only the strongest version of Integrated Windows authentication, NTLMv2.
You can set a Windows policy to specify only to use the latest version of NTLM. In the Local Security Policy of your Web servers, set the LAN Manager Authentication Level policy to Send NTLMv2 response only\refuse LM & NTLM to use the most secure setting.