ARCHIVED: How can I use a GPO to force NTLMv2?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Note: This information is intended for registered local support providers (LSPs) at Indiana University. If you are an IU LSP and have questions regarding this content, email UITS Tier 2 Support; otherwise, contact your campus Support Center.

To use a Group Policy Object (GPO) to force Windows to use NTLMv2, follow these steps:

  1. Open the Group Policy Management Console.
  2. Select the GPO to which you wish to add the setting, or create a new one.
  3. Find "Network Security: LAN Manager authentication level", which is located in Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options.
  4. Set the LAN Manager authentication level to NTLMv2 response only/refuse LM and NTLM.

This is document atcd in the Knowledge Base.
Last modified on 2021-09-07 17:16:35.