Network Security: Restrict NTLM: Incoming NTLM traffic' should set to 'Allow All
|ID: oval:org.secpod.oval:def:14759||Date: (C)2013-08-13 (M)2018-05-14|
|Class: COMPLIANCE||Family: windows|
This policy setting allows you to deny or allow incoming NTLM traffic.
If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Incoming NTLM traffic
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0!RestrictReceivingNTLMTraffic
|Microsoft Windows 7|