NTLM Authentication

Updated: November 29, 2012

Applies To: Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows XP

This technology collection page lists all pertinent resources available for NTLM authentication in the Microsoft TechNet Libraries for all Windows Server operating system versions beginning with Windows Server 2003.

Featured resources

The following resources will help you locate priority information:

• Auditing and restricting NTLM usage guide

  This guide describes the considerations and steps required to reduce NTLM usage in your environment by using available tools and the restrict NTLM audit and blocking policies in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7.

• Windows Authentication Blog

  This Microsoft TechNet blog discusses issues about managing the use of NTLM as part of your authentication strategy.

• Ask the Directory Services Team: NTLM Blocking and You: Application Analysis and Auditing Methodologies in Windows 7

  This scenario topic written for the IT professional describes the basis for and the procedures to restrict NTLM authentication usage in your IT environment for Windows operating systems beginning with Windows Server 2003.

• Security TechCenter: Security for IT Pros

  The Security TechCenter provides links to technical bulletins, advisories, tools, prescriptive guidance, and community resources designed to help IT professionals keep Microsoft servers, desktops, and applications up to date and secure.

• Configuring MaxConcurrentAPI for NTLM pass-through authentication

  This NTLM troubleshooting topic describes how to configure MaxConcurrentAPI to remediate Net Logon service authentication bottlenecks beginning with Windows Server 2003.

Product Evaluation

• Introducing the Restriction of NTLM Authentication

  This product evaluation article written for the IT professional describes new security policies introduced in Windows Server 2008 R2 and Windows 7 to help you analyze and restrict NTLM authentication usage in your IT environment.

• Changes in NTLM Authentication

  This product evaluation article for IT professionals describes two significant changes in the NTLM authentication protocol in Windows Server 2008 R2 and Windows 7.

Planning and Architecture

• IT Infrastructure Threat Modeling Guide

  This planning guide provides a method that enables IT professionals to develop threat models for their IT environments and prioritize their investments in IT infrastructure security.

• Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP

  This Threats and Countermeasures Guide provides a reference to all security settings that provide countermeasures for specific threats against the listed operating systems. This guide is a companion to two other Microsoft publications: the Windows Server 2003 Security Guide and the Windows XP Security Guide.

• Threats and Countermeasures Guide: Security Settings in Windows Server 2008 and Windows Vista

  This Threats and Countermeasures Guide provides a reference to all security settings that provide countermeasures for specific threats against the listed operating systems. This guide is a companion to two other Microsoft publications: the Windows Server 2008 Security Guide and the Windows Vista Security Guide.

• Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7

  This Threats and Countermeasures Guide provides a reference to all security settings that provide countermeasures for specific threats against the listed operating systems.

• Designing Your Windows Authentication Strategy

  This design guide for the IT professional helps you understand, plan for, and implement specific strategies to secure authentication in your IT environment beginning with Windows Server 2003.

• Auditing and restricting NTLM usage guide

  This guide describes the considerations and steps required to reduce NTLM usage in your environment by using available tools and the restrict NTLM audit and blocking policies in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7.

Development

• [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol Specification

  This developer topic describes NTLM Authentication Protocol as it is used in Windows for authentication between clients and servers.

• [MS-NNTP]: NT LAN Manager (NTLM) Authentication: Network News Transfer Protocol (NNTP) Extension

  This developer topic describes the Network News Transfer Protocol (NNTP) Extension that specifies the use of NTLM authentication by NNTP to facilitate client authentication to an NNTP server.

• [MS-NTHT]: NTLM Over HTTP Protocol Specification

  This developer topic describes support for NTLM (as specified in [MS-NLMP]) authentication in Microsoft Internet Explorer and Microsoft Internet Information Services (IIS) that uses the HTTP Protocol in addition to other standard authentication mechanisms.

• Microsoft NTLM (Windows)

  This MSDN article for the developer provides an overview of NTLM authentication.

Support

The following list of Knowledge Base articles for the IT professional address specific issues uncovered in Windows operation systems beginning with Windows Server 2003.

• How to enable NTLM 2 authentication

• NTLM user authentication in Windows