NTLM V1 authentication in Windows 2012 R2 and 2016

  • Last Post 10 January 2017
BrianB posted this 09 January 2017

Probably a dumb question but I can’t find a definitive answer to my question via internet search.

  Is NTLM v1 disabled by default in Windows 2012 R2 and 2016?

  Or, is it just that a higher level of encryption is required but NTLM v1 still works by default and has to be purposely disabled?

  We are building a new forest and I am only just coming up on this. We think we want to disable NTLM V1 in our new environment but we have nightmares about the last time we tried this in 2008 R2 and had to revert the change to allowing it because of Mac clients, printers, and legacy OS and apps. If it is disabled by default and clients start having problems with authentication, we can look at NTLM auth. If it is not, we can make a plan to disable it. I just need to know the default posture: whether it is disabled or enabled by default.

  Thank you,
  Brian B.

Dima Razbornov posted this 10 January 2017

Hi Brian!

No, for compatibility reasons MS of course doesn't touch it. Whether it is a 2012 or a 2016 green install, your clients will use the same default settings with NTLM V1 (and moreover with LAN Manager too), so it is enabled by default in any fresh installation.
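
For the planning step raised in the question (finding which Macs, printers and legacy systems would break before NTLM V1 is switched off), one way to list the clients that still log on with it. This is an added example, not part of either post; it assumes Security event 4624 is being logged, and the sample events, host names and accounts below are constructed.

```powershell
# Added example (not from the thread): list logons that used NTLM V1.
# Input: XML of Security event 4624, as returned by Get-WinEvent's .ToXml().
function Get-NtlmV1Logon {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $doc = [xml]$raw
        if ($doc.GetElementsByTagName('EventID')[0].InnerText -ne '4624') { continue }
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($node in $doc.GetElementsByTagName('Data')) {
            $data[$node.GetAttribute('Name')] = $node.InnerText
        }
        # 4624 records the negotiated NTLM variant in LmPackageName
        # ("NTLM V1", "NTLM V2", or "-" for non-NTLM logons).
        if ($data['LmPackageName'] -ne 'NTLM V1') { continue }
        [pscustomobject]@{
            User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
        }
    }
}

# Constructed sample events (hypothetical hosts/accounts), trimmed to the fields used.
function New-SampleEvent($User, $Workstation, $Ip, $LmPackage) {
    $ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
    "<Event xmlns='$ns'><System><EventID>4624</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>$User</Data><Data Name='TargetDomainName'>CORP</Data>" +
    "<Data Name='WorkstationName'>$Workstation</Data><Data Name='IpAddress'>$Ip</Data>" +
    "<Data Name='LmPackageName'>$LmPackage</Data></EventData></Event>"
}

$sample = @(
    New-SampleEvent 'scanner01' 'PRN-LEGACY' '192.0.2.15' 'NTLM V1'
    New-SampleEvent 'alice'     'WS-0042'    '192.0.2.20' 'NTLM V2'
    New-SampleEvent 'bob'       'WS-0043'    '192.0.2.21' '-'
)

# Only the PRN-LEGACY logon is reported; group to get one row per client.
Get-NtlmV1Logon -EventXml $sample |
    Group-Object User, Workstation, SourceIp |
    Select-Object Count, Name

# Against a live server or DC, feed it real events instead of $sample:
#   $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} |
#              ForEach-Object { $_.ToXml() }
#   Get-NtlmV1Logon -EventXml $xml
```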