Guest techcoor
Posted October 14, 2018

Did try turning on the NTLM auditing in Domain Controller GPO.

Network security: Restrict NTLM: Audit Incoming NTLM Traffic: Enabling auditing for all accounts.
Network security: Restrict NTLM: Audit NTLM authentication in this domain: Enable all
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers: Audit all

Event viewer, Application and Services, Microsoft, Windows, NTLM shows NTLM client or NTLM Server blocked audit.

NTLM server blocked audit: Audit Incoming NTLM Traffic that would be blocked. Audit NTLM authentication requests to this server that would be blocked if the security policy Network Security: Restrict NTLM: Incoming NTLM Traffic is set to Deny all accounts or Deny all domain accounts.

But Restrict NTLM: Incoming NTLM Traffic is Not Defined.

NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked. If you want only the target server ldap/Server to accept NTLM authentication requests from this computer, set the security policy Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers to Deny all, and then set the security policy Network Security: Restrict NTLM: Add remote server exceptions and list the target server ldap/Server as an exception to use NTLM authentication.

But Restrict NTLM: Outgoing NTLM traffic to remote servers is set to Audit all.
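
The policies named in the post above can be checked on the machine itself. The following is an added example, not part of the original post: it reads the registry values Microsoft documents as backing the Restrict NTLM policies and groups recent entries from the NTLM operational log by event ID. The 2000-event window is an arbitrary choice made for this example.

```powershell
# Added example (not from the original post). Run elevated on the DC or server.
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Each Restrict NTLM policy, the registry value behind it, and what the numbers mean.
$settings = @(
    @{ Policy = 'Audit Incoming NTLM Traffic'; Path = $lsa; Name = 'AuditReceivingNTLMTraffic'
       Map = @{ 0 = 'Disable'; 1 = 'Enable auditing for domain accounts'; 2 = 'Enable auditing for all accounts' } }
    @{ Policy = 'Incoming NTLM traffic'; Path = $lsa; Name = 'RestrictReceivingNTLMTraffic'
       Map = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' } }
    @{ Policy = 'Outgoing NTLM traffic to remote servers'; Path = $lsa; Name = 'RestrictSendingNTLMTraffic'
       Map = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' } }
    @{ Policy = 'Audit NTLM authentication in this domain'; Path = $netlogon; Name = 'AuditNTLMInDomain'
       Map = @{ 0 = 'Disable'; 1 = 'Enable for domain accounts to domain servers'; 3 = 'Enable for domain accounts'
                5 = 'Enable for domain servers'; 7 = 'Enable all' } }
)

# Effective settings: a missing registry value means the policy is Not Defined.
$settings | ForEach-Object {
    $raw = (Get-ItemProperty -Path $_.Path -Name $_.Name -ErrorAction SilentlyContinue).($_.Name)
    $meaning = if ($null -eq $raw) { 'Not Defined' }
               elseif ($_.Map.ContainsKey([int]$raw)) { $_.Map[[int]$raw] }
               else { "Unknown ($raw)" }
    [pscustomobject]@{ Policy = $_.Policy; Value = $raw; Meaning = $meaning }
} | Format-Table -AutoSize

# Recent NTLM operational events, grouped by ID with the first line of the
# message as a title, so "blocked audit" entries are easy to tell apart.
Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -MaxEvents 2000 -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            EventId = $_.Name
            Count   = $_.Count
            Title   = ($_.Group[0].Message -split "`r?`n")[0]
        }
    } | Format-Table -AutoSize
```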