Disable NTLM1

Principle

NTLM authentication refers to a set of authentication protocols included in the Windows Msv1_0.dll library. NTLM authentication protocols include LAN Manager versions 1 and 2, and NTLM versions 1 and 2.

Their purpose is to authenticate users and computers based on a stimulus/response mechanism designed to prove to a server or domain controller that a user knows the password associated with an account. (Source : https://learn.microsoft.com/fr-fr/windows-server/security/kerberos/ntlm-overview)

 

To install Watchdoc v6.1, it may be useful to disable NTLM v1 in favor of NTLM v2.

Procedure

To disable NTLM v1,

  1. from the Watchdoc server, go to the registry editor;

  2. in the editor, search for the key Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

     

  1. for the NtlmMinClientSec key, right-click and select Modify ;

  2. in the edit box, in the Value data field, enter the value 537395200 ;

  3. tick Base Decimal ;

  4. click OK to validate the new key value ;

  5. repeat this operation for the NtlmMinServerSec key.