Pros and Cons of Disabling NTLMv1

You can disable NTLM v1 completely in a Windows environment by setting the registry value HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to 5. This can also be done using Group Policy by configuring the following policy setting: Computer Configuration\Windows Settings\Security Settings\Local Polices\Security Options\Network Security: LAN Manager Authentication Level by selecting the “Send NTLMv2 response only\refuse LM & NTLM” option in the policy setting.

Now this obviously increases security for your network, but is it a good idea? Well remember: more security often means less functionality. For instance, two side effects I’ve heard of by administrators who have implemented this setting are (a) some older network appliances stop working since they rely on NTLMv1 and can’t do NTLMv2, and (b) integrated Windows authentication can fail for external users trying to access SharePoint sites. There may be other side effects as well for your environment, so be sure to test everything carefully if you plan on making this change on your network.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top