Help Desk Wiki

Help Desk Wiki » FAQs » ChangingComputersAndServersToRefuseLMAndNTLMConnections

Changing Computers And Servers To Refuse LM And NTLM Connections

To be compliance with In Common Silver AD DS, LM and NTLM not allowed.

Fix: Set “Network security: LAN Manager authentication level” in the computers local security policy to “Send NTL Mv 2 response only. Refuse LM & NTLM” by utilizing one of the three methods below:

Method 1:

Edit the Local Security Policy 1. Click Start --> Control Panel --> Performance and Maintenance --> Administrative Tools --> Local Security Policy 2. In the Local Security Settings Window Security Settings --> Local Policies --> Security Options 3. Find the Policy "Network Security: Lan Manager Authentication Level" and set it to "Send NTL Mv 2 response only\refuse LM & NTLM" 4. Restart the computer

Method 2:

Edit the registry from a command prompt (recommended for advanced users) 1. Click Start --> Run --> cmd 2. In the Command Prompt Window Type REG ADD "HKLM\System\Current Control Set\Control\Lsa" /v "LM Compatibility Level" /t REG_DWORD /d "5" /f 3. Restart the computer

Method 3:

Edit the Registry Directly (recommended for advanced users) 1. Click Start --> Run --> regedit 2. My Computer --> HKEY_LOCAL_MACHINE --> System --> Current Control Set --> Control --> Lsa 3. Find the Name "lmcompatibilitylevel" and enter "Value Data" of 5 4. Restart the computer

Here is an example of using Wireshark and editing registry to fix this issue:

Employee LoginViewPrintTalk


Contact Us

Web: UF Computing Help Desk
Walk-in: HUB 132
Phone: (352) 392-HELP (4357)

Ask A Question

Submit a Question


Learning Support Systems, Application Support Center


Help Desk Wiki, FAQ, Online Handouts, What's my UFID?

System Alerts

UF IT Dashboard Alerts (myUFL, Email, Network, etc), Security Advisories, GatorLink Mail and Web Services


AT Newsletters, IT Connections, CNS UPDATE