Hey folks, I've been going through authentication logs on some Windows Servers (2015 and newer), and while most authentication is happening with Kerberos as expected, I keep spotting some NTLMv1 entries in the security logs. Here's what I've pulled up: I'm seeing logon success events (Event ID 4624) for anonymous logons using NTLMv1 instead of the more secure Kerberos or NTLMv2. My main struggle is that I can't pinpoint which specific app or service on the source machine is triggering these NTLMv1 calls. Can anyone provide guidance on how to transition away from NTLMv1 to either Kerberos or NTLMv2? Thanks a lot!
1 Answer
To move away from NTLMv1, you can enable the Group Policy to disable it. Just make sure to check for any potential impacts on your applications before doing that. It's always good to know what might break!
I'm a little worried it might mess up some critical applications or servers, though.
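To see what would be affected before disabling NTLMv1, the 4624 events from the question can be grouped by source, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the server that logged the events; the 5000-event cap and the variable names are illustrative choices.

```powershell
# Added example: inventory NTLMv1 logons recorded as Event ID 4624.
# In 4624, the LmPackageName field records the NTLM version ("NTLM V1" / "NTLM V2").
$xpath = "*[System[EventID=4624] and EventData[Data[@Name='LmPackageName']='NTLM V1']]"

# Assumption: the 5000 most recent matches are enough; raise the cap for a longer window.
$events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 5000 `
    -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the named <Data> elements of the event into a lookup table.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        $data[$node.GetAttribute('Name')] = $node.InnerText
    }

    [pscustomobject]@{
        TimeCreated  = $e.TimeCreated
        Account      = $data['TargetUserName']     # "ANONYMOUS LOGON" for anonymous sessions
        Workstation  = $data['WorkstationName']    # name reported by the client
        SourceIp     = $data['IpAddress']
        LogonType    = $data['LogonType']          # 3 = network logon
        LogonProcess = $data['LogonProcessName']
    }
}

if (-not $rows) {
    Write-Output 'No NTLMv1 4624 events found in the Security log.'
    return
}

# One line per distinct source, busiest first, with first and last time seen.
$rows |
    Group-Object Workstation, SourceIp, Account, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'FirstSeen'; e = { $_.Group.TimeCreated | Sort-Object | Select-Object -First 1 } },
        @{ n = 'LastSeen';  e = { $_.Group.TimeCreated | Sort-Object | Select-Object -Last 1 } } |
    Format-Table -AutoSize
```

The server-side event identifies the source machine and account, not the process on that machine, so the output narrows down which hosts to examine rather than naming the application.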