Ping a Specific Port

Question

bahrep

Asked: 2021-12-02 15:37:42 +0800 CST2021-12-02 15:37:42 +0800 CST 2021-12-02 15:37:42 +0800 CST

Not defined state of the `Network security: Restrict NTLM: NTLM authentication in this domain` GPO

772

Is NTLM by default disabled on domain controllers with Windows Server 2019?

My current tests show that the GPO Network security: Restrict NTLM: NTLM authentication in this domain does not work as documented. When this GPO is Not defined, NTLM does not work, and I see errors in Windows Security log:

Status: 0x80090302
Sub Status: 0xC0000418

Status 0xC0000418 translates to STATUS_NTLM_BLOCKED (The authentication failed because NTLM was blocked).

However, if I change GPO to Disable, NTLM works again.

The documentation says that when "Not defined" "The domain controller will allow all NTLM authentication requests in the domain where the policy is deployed.". So I was assuming that I don't need to change group policies to enable NTLM.

OS Name Microsoft Windows Server 2019 Standard

Version 10.0.17763 Build 17763

1 Answers

Voted

bahrep · Answer 1 · 2021-12-07T11:19:10+08:00

Best Answer

bahrep

2021-12-07T11:19:10+08:002021-12-07T11:19:10+08:00

I overlooked that the server computers had a Local Security Policy that disabled NTLM. NTLM works again after removing this policy.

0

Not defined state of the `Network security: Restrict NTLM: NTLM authentication in this domain` GPO

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?