Restricting NTLM usage

Updated: November 21, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic links to information that describes the tasks you need to perform to restrict NTLM usage in your operating environment. Specific Group Policies and security policies that were introduced in Windows Server 2008 R2 and Windows 7 allow you to restrict NTLM traffic between client computers, remote servers, member servers, and domain controllers.

Discovering and auditing the current state of NTLM authentication traffic is necessary before the “Restrict NTLM” security policies are implemented. For information about how to assess NTLM authentication traffic, see Assessing NTLM usage in this guide.

The three points at which to restrict NTLM traffic are:

  • NTLM traffic within a domain from a domain controller

  • NTLM traffic outbound from a remote server

  • NTLM traffic from a client computer to a connected remote server

Topics in this section

See Also

Concepts

Auditing and restricting NTLM usage guide