by noinsight
3261 days ago
> You have to specifically enable it on newest Windows platforms, because afaik it has been disabled by default for some 5+ years now.

No, you don't have to specifically enable it, it's still enabled (by default). Completely disabling NTLM on a network would be a large project and not even Microsoft recommends that because the security gains are relatively small. (See microsoft.com/pth for their comprehensive credential security guidance.)

* Authenticating against a pre-NT 4.0 server
* Accessing a domain resource via IP
* Accessing a resource on a non-domain member
* Accessing a resource on a computer that does not support Kerberos (Windows 3.11, Windows 95, etc.)

It's trivial to force this downgrade on most domains.