Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.

If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.

If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.

If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.

This policy is supported on at least Windows 7 or Windows Server 2008 R2.

Note: Audit and block events are recorded on this computer in the "NTLMBlock" Log located under the Applications and Services Log/Microsoft/Windows/Security-NTLM.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Supported on: 

At least Windows 7, Windows Server 2008 R2

Registry settings: 

MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic

Reboot required: 

No