3 ways to implement NTLMv2 only on Windows machines

The importance of using “Send NTLMv2 response only. Refuse LM & NTLM” in Windows machines is to reinforce network authentication security.

Here’s what it does :

Use NTLMv2 only : This policy configures client devices to use only NTLMv2 for authentication. NTLMv2 is a more secure version of the NTLM protocol, offering better protection against replay and man-in-the-middle attacks.

Refuse older versions : Refuses authentication using less secure versions of LM (LAN Manager) and NTLM (NTLMv1). This prevents devices and services that do not support NTLMv2 from authenticating, thus increasing overall network security.

In short, this policy helps ensure that only the most secure authentication methods are used, reducing the risk of credentials being compromised.

1 – Steps Using GPO :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security\LAN Manager authentication level

To the following value : Send NTLMv2 response only. Refuse LM & NTLM

2 – Steps Using PowerShell :

This script must be executed as Administrator :

 $RegistryPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 
$Name  = 'LmCompatibilityLevel'
$Value   = '5'

New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force

3 – Steps Using Intune :

From Intune Admin center follow this steps :

Thanks

Aymen EL JAZIRI (Microsoft MVP)
Aymen EL JAZIRI (Microsoft MVP)

Hi, I’m Aymen El Jaziri , a passionate System Administrator and Microsoft MVP, with years of hands-on experience in managing and securing modern IT infrastructures.
This blog is where I share technical guides, automation scripts, product reviews, and real-world solutions that help IT professionals simplify their day-to-day work and stay ahead in a fast-evolving cloud ecosystem.
Whether you’re here to troubleshoot an issue, improve your automation game, or learn new best practices , welcome in my blog !
Let’s build a stronger, smarter IT community together.
Feel free to connect with me on LinkedIn for more content, discussions, or collaboration opportunities.

Thanks

Aymen

Articles: 154

Related Posts

Trending now

Why it’s important to to disable user application consent in Microsoft 365
Intune Security Deep Dive : Enable Tamper Protection to Secure Defender Settings on Windows Devices
Unlock Your Microsoft 365 Tenant after Conditional Access misconfiguration in One Click
Maximize RDS Collection Efficiency : PowerShell Automation for Seamless Maintenance