Home / general

How do I know if NTLM is enabled in Active Directory?

Carter Sullivan | March 23, 2026

If you're using Kerberos, then you'll see the activity in the event log. If you are passing your credentials and you don't see any Kerberos activity in the event log, then you're using NTLM.

How can I tell if NTLM is enabled?

To find applications that use NTLMv1, enable Logon Success Auditing on the domain controller, and then look for Success auditing Event 4624, which contains information about the version of NTLM.

Does Active Directory use NTLM?

While NTLM is still supported by Microsoft, it has been replaced by Kerberos as the default authentication protocol in Windows 2000 and subsequent Active Directory (AD) domains.

How do I find my NTLM settings?

Click down to “Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Find the policy “Network Security: LAN Manager authentication level”. Right click on this policy and choose “Properties”. Choose “Send NTLMv2 response only/refuse LM & NTLM”.

How do I turn on NTLM?

To activate NTLM 2 on the client, follow these steps:

Start Registry Editor (Regedit.exe).
Locate and click the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control.
Create an LSA registry key in the registry key listed above.

NTLM Troubleshooting

What applications use NTLM authentication?

Current applications

NTLM authentication is also used for local logon authentication on non-domain controllers. Kerberos version 5 authentication is the preferred authentication method for Active Directory environments, but a non-Microsoft or Microsoft application might still use NTLM.

What port does NTLM use?

NT LAN Manager (NTLM) is the default authentication scheme used by the WinLogon process; it uses three ports between the client and domain controller (DC): UDP 137 – UDP 137 (NetBIOS Name) UDP 138 – UDP 138 (NetBIOS Netlogon and Browsing) 1024-65535/TCP – TCP 139 (NetBIOS Session)

How do I stop NTLM authentication?

Now, double-click on Network Security: LAN Manager authentication level. Select Sent NTMLv2 response only. Refuse LM & NTML from the “Local Security Settings” tab. Click Apply > Ok and NTML authentication will be disabled on your domain.

How do I enable NTLM authentication in IIS?

Open IIS and navigate to the Default Web Site. Open Authentication. Click Windows Authentication > Advanced Settings. De-select Enable Kernel-mode authentication and click OK.

How do you know if its NTLM or Kerberos?

Once Kerberos logging is enabled, then, log into stuff and watch the event log. If you're using Kerberos, then you'll see the activity in the event log. If you are passing your credentials and you don't see any Kerberos activity in the event log, then you're using NTLM.

Is NTLM the same as Windows authentication?

NTLM is the proprietary Microsoft authentication protocol.

What is my NTLM domain?

The NTLM identity is the domain\username with which users log on to their Windows PC; for example, MYDOMAIN\jsmith. NTLM credentials include the NTLM identity (as defined above), the PC's identity, and a non-reversible encryption of the user's password.

How do I audit NTLM?

Steps to collect the NTLM audit logs:

Open the Event Viewer.
Expand the Application and Services Logs>Microsoft>Windows>NTLM>Operational.
Now off to the right you will see logging. ...
Click on Action and scroll down to "Save All Events As..."
Have customer send a copy of that log.

What is NTLM in IIS?

Previous versions of the Windows platform provided a rudimentary Single Sign-on (SSO) mechanism known as NT LAN Manager (NTLM) authentication. This method of authentication is based on hashing algorithms providing a similar level of security and operation as that of Basic Authentication.

How do I know if Windows Authentication is enabled in IIS?

Enabling Windows authentication in IIS

Go to Control Panel -> Programs and Features -> Turn windows features on or off.
Expand Internet Information Services -> World Wide Web Services.
Under Security, select the Windows Authentication check box.
Click OK to finish the configuration.

Can I disable NTLM on domain controller?

Deny for domain accounts

Only the domain controller will deny all NTLM authentication logon attempts from domain accounts and will return an NTLM blocked error unless the server name is on the exception list in the Network security: Restrict NTLM: Add server exceptions in this domain policy setting.

Is it safe to disable NTLM?

Windows 2000 Microsoft introduced a more secure Kerberos authentication protocol. The NTLM (generally, it is NTLMv2) is still widely in use for authentication on Windows domain networks. We recommend disabling NTLMv1 and NTLMv2 protocols and use Kerberos due to the following reasons: NTLM has very weak encryption.

What happens when you disable NTLM?

To disable NTLM within the domain, the setting NTLM authentication in this domain is set to the value Deny all. The NTLM authentication request of the web server will be blocked on the DC (Event ID 4004). Therefore, web01 is added to the list of the Add server exceptions in this domain setting.

Does NTLM use LDAP?

The solution uses UnboundID Java LDAP SDK and for the NTLM Handling it uses samba.

Does Windows 10 still use NTLM?

Although Microsoft Kerberos is the protocol of choice, NTLM is still supported.

What is NTLM traffic?

NTLM is a Microsoft-developed authentication protocol that uses a challenge-response mechanism for authentication, in which client computers can prove their identities without sending a password to the server.

Does LDAP use Kerberos or NTLM?

Kerberos largely replaced NTLM, an older and Microsoft's original (with Windows NT) authentication protocol. LDAP is also an authentication and authorization protocol, and also methodology of organizing objects such as users, computers, and organizational units within a directory, such as Active Directory.

How do I change from NTLM to Kerberos?

Navigation to Application Management > Authentication Providers. Choose the web application you wish to configure from the drop-down in the top right corner (this includes the Central Administration web application) Click on 'Default' Set the authentication to Negotiate (Kerberos)

Does Active Directory use Kerberos by default?

Active Directory Domain Services is required for default Kerberos implementations within the domain or forest.

What authentication does Active Directory use?

Active Directory uses Kerberos version 5 as authentication protocol in order to provide authentication between server and client. Kerberos v5 became default authentication protocol for windows server from windows server 2003.

You Might Also Like

Do ballerinas break their toes?

How do you stop a 25 year old from wetting the bed?

What is Eren's strongest Titan form?

Did the Missouri battleship serve in Vietnam?