This product evaluation topic for the IT professional describes new security policies in Windows 7 and Windows Server 2008 R2 to help you analyze and restrict NTLM authentication usage in your IT environment. This feature requires data gathering, analysis of NTLM traffic, and a methodical process with which to restrict the traffic so that stronger authentication protocols, such as Kerberos, will be used.
Resources for restricting NTLM authentication usage
With the advent of more secure authentication protocols, the need to control the NTLM protocol within IT environments has increased. Reducing the usage of the NTLM protocol requires both knowledge of how deployed applications depend on NTLM and the strategies and steps necessary to configure infrastructures to use other protocols. New security policies and processes in Windows 7 and Windows Server 2008 R2 allow you to analyze authentication traffic and selectively block it at the client, server, and domain level.
For more information about using strong authentication protocols in a Windows environment, see Windows Authentication.
For more information about the NTLM protocol, see NTLM Authentication.
Auditing NTLM usage
The first step in restricting the NTLM protocol is understanding which computers and applications in your organization are using the NTLM protocol for authentication. You can find this information by enabling certain security policies for auditing on computers running Windows 7. By reviewing the event logs, you can determine which applications can be configured to successfully use a stronger authentication protocol, and which computers or domains can function without the NTLM protocol.
For more information about discovering and analyzing NTLM authentication to prepare your strong authentication design, see Discovering and Auditing NTLM Usage Step-by-Step Guide.
Restricting NTLM usage
New Group Policy settings in Windows 7 and Windows Server 2008 R2 permit the restriction of NTLM protocol usage on clients, servers, and domain controllers. These policies can be configured on computers running Windows 7 and Windows Server 2008 R2, and they can affect NTLM usage on computers running earlier versions of Windows.
For more information about restricting NTLM authentication as part of your strong authentication design, see Restricting NTLM Usage Step-by-Step Guide.