🔒 Secure Bits 💡
Did you know NTLM was deprecated by Microsoft in 2024?
I know it is not a simple task for companies to get rid of NTLM in their environments, especially if you have hundreds or thousands of assets. I have assessed dozens of companies, so I have been there.
Dang, it is even hard to convince Windows OS to stop using NTLM. But that is not the point of this post.
There are GPOs that help you get rid of NTLM in your environment. As you can see below, you can completely disable NTLM in your Active Directory, but more importantly, you can AUDIT NTLM traffic before you do so.
I recommend starting to get rid of NTLM step-by-step. Audit the usage and disable it where you know it is safe.
Here is what you can do with GPOs:
– Deny all incoming NTLM traffic
– Deny all outgoing NTLM traffic
– Add servers as exceptions, so they can still use NTLM
– Audit NTLM traffic
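
To act on the audit step, here is an added example (not part of the original post) that summarises who is still using NTLM on a machine where the audit GPOs are already applied. The function name Get-NtlmAuditSummary is hypothetical; it assumes the audit events (IDs 8001-8004) are in the Microsoft-Windows-NTLM/Operational log and reads their fields generically, because field names differ per event ID.

```powershell
# Added example: summarise NTLM audit events before moving a policy from Audit to Deny.
# Assumes NTLM auditing is already enabled by GPO, so events 8001-8004 are written
# to the Microsoft-Windows-NTLM/Operational log on the audited machine.
function Get-NtlmAuditSummary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 7
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001, 8002, 8003, 8004
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No NTLM audit events on $ComputerName in the last $Days days (is auditing enabled?)"
        return
    }
    $events | ForEach-Object {
        # Read the named EventData fields generically; field names differ per event ID.
        $pairs = foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            # Skip per-process values (PIDs, LUIDs) so identical callers group together.
            if ($d.Name -and $d.Name -notmatch 'PID|LUID' -and $d.'#text') {
                '{0}={1}' -f $d.Name, $d.'#text'
            }
        }
        [pscustomobject]@{
            EventId = $_.Id
            Source  = ($pairs | Sort-Object) -join '; '
            Time    = $_.TimeCreated
        }
    } | Group-Object EventId, Source | ForEach-Object {
        [pscustomobject]@{
            Count    = $_.Count
            EventId  = $_.Group[0].EventId
            Source   = $_.Group[0].Source
            LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
        }
    } | Sort-Object Count -Descending
}

# Run on a server or domain controller where NTLM auditing is on.
Get-NtlmAuditSummary -Days 14 | Format-Table -AutoSize -Wrap
```

The most frequent rows are the candidates for migration or for the server exception list; once a machine's summary stays empty over a full business cycle, it is a safe place to switch from audit to deny.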
