Disabling NTLMv1 on a Windows Computer

Summary

Stop using LAN Manager and NTLMv1!

When performing security checks in customer environments, we often find that LAN Manager or NTLMv1 is still allowed. Most customers don't know that this setting leaves the environment highly vulnerable to attacks targeting their authentication methods.

Body

How do I reconfigure NTLMv1 on my computer so it will work with the Kiewit domain?

Before we get started

You will need admin privileges on your computer to make some of these configuration changes. If you don’t have those privileges, ask your IT support to make this change. You can send them a link to this page. If your computer is part of a Windows domain, you may need your IT support to make this change, because they may have implemented something that overrides any change you make.

Let’s fix up your operating system

  1. Use the local security policy approach:
    1. Use “Start->Run” and type in “gpedit.msc” in the “Run” dialog box. A “Group Policy” window will open.
    2. Click down to “Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options”.
    3. Find the policy “Network Security: LAN Manager authentication level”.
    4. Right click on this policy and choose “Properties”.
    5. Choose “Send NTLMv2 response only/refuse LM & NTLM”.
    6. Click OK and confirm the setting change.
    7. Close the “Group Policy” window.
    8. You are done configuring Windows! 
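To confirm the result of the steps above without opening the policy editor, the following added example (not part of the original article) reads the registry value that the “Network Security: LAN Manager authentication level” policy writes, `LmCompatibilityLevel` under the `Lsa` key, where 5 corresponds to “Send NTLMv2 response only/refuse LM & NTLM”. The function name `Test-LmCompatibilityLevel` and its `-Enforce` switch are names chosen for this example.

```powershell
# Added example: audit, and optionally set, the LAN Manager authentication level.
# Test-LmCompatibilityLevel and -Enforce are hypothetical names for this example.
function Test-LmCompatibilityLevel {
    param([switch]$Enforce)

    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $name   = 'LmCompatibilityLevel'
    $target = 5   # "Send NTLMv2 response only. Refuse LM & NTLM"

    # Meaning of each level, as shown in the policy's drop-down list.
    $levels = @{
        0 = 'Send LM & NTLM responses'
        1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
        2 = 'Send NTLM response only'
        3 = 'Send NTLMv2 response only'
        4 = 'Send NTLMv2 response only. Refuse LM'
        5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
    }

    $current = (Get-ItemProperty -Path $lsaKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) {
        Write-Output "$name is not set; the operating system default applies."
    } else {
        Write-Output "$name = $current ($($levels[[int]$current]))"
    }

    if ($current -eq $target) { return $true }   # already compliant
    if (-not $Enforce)        { return $false }  # audit only, change nothing

    # Writing under HKLM requires an elevated session.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated PowerShell prompt.' }

    # On a domain-joined computer a domain policy can overwrite this value
    # at the next policy refresh, so re-run the audit afterwards.
    New-ItemProperty -Path $lsaKey -Name $name -Value $target `
                     -PropertyType DWord -Force | Out-Null
    Write-Output "$name set to $target ($($levels[$target]))"
    return $true
}

Test-LmCompatibilityLevel            # audit only
# Test-LmCompatibilityLevel -Enforce # audit and set to level 5
```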

 

Details

Article ID: 136495
Created: Wed 8/4/21 2:58 PM
Modified: Fri 2/3/23 2:13 PM