by mr_mitm
1368 days ago
> Why is the NT hash even calculated any more?

For legacy reasons, I assume.

> Is it still the default?

Yes

> Can group policy be configured to tell everything to not used to disable NTLM everywhere?

It can, at least for domain-joined Windows machines. Most environments can't afford to disable NTLM though, because some legacy systems rely on it. However, Microsoft recommends disabling it.

> And can't AD be configured to disable RC4 everywhere?

Yes

> Do MS ever plan to properly deprecate NTLM/RC4, disable it in new domains and start displaying prominent warnings when they're enabled?

I'm not aware of such plans. If I were to guess, then I'd reckon they want everyone to move to Azure and let on-premises AD die.