First published on TechNet on Oct 08, 2009

Windows 7 and Windows Server 2008 R2 introduce a long-sought feature known as NTLM blocking. This prevents NTLM from being used for authentication. It works in both a send or receive mode, and allows you to create exceptions. There’s currently very little documentation on this new capability, so I am going to get the ball rolling and talk about some techniques you can use to start evaluating if NTLM blocking will work for your network.

Through the use of auditing techniques and application analysis, it is possible to correctly outline all NTLM use in an environment. This is a critical phase to complete before attempting to block NTLM – if you just start blocking arbitrarily you will likely have applications that stop working.

NTLM auditing and analysis recommendations

The key to rolling out NTLM blocking is that you must be systematic and take your time. I fully expect an NTLM blocking deployment to take at least 6 months of testing and analysis in a complex environment with hundreds of applications and thousands of computers. You may find applications that you had no idea were using NTLM, and they will need to be updated or reconfigured – that can really stretch out the timelines. Some elderly applications may simply use legacy code and will always require NTLM – this may cause you to abandon the blocking effort, or force you to come up with an exception strategy.

Below are some guidelines for your auditing and analysis phase:

- Deploy all three types of NTLM auditing (See Enabling NTLM Auditing below).
- Deploy the auditing in a test environment as long as all applications have been inventoried and there is no reasonable possibility of users running unknown applications in production.
- Deploy auditing in the production environment if not all applications can be inventoried.
- Deploy the incoming and outgoing auditing policies to all servers and computers.
- Deploy the domain auditing on DCs only; it will have no effect on member computers.
- NTLM blocking in environments that have Vista/2008/XP/2003 or older OS's is not recommended. NTLM cannot be blocked on them directly and auditing/remote exceptions will be very difficult.
- Come up with an audit event collection strategy. This may include third parties, Event Subscriptions, or other methods.
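One possible "other method" for the audit event collection strategy, as an added example that is not from the original post: it pulls the NTLM audit events (IDs 8001 to 8004 in the Microsoft-Windows-NTLM/Operational log) from a list of computers into one CSV and counts them per computer and audit type. The parameter names, host list and output path are assumptions, and the EventData fields are copied generically because their names vary by event.

```powershell
# Added example: inventory NTLM audit events from a list of computers.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # assumption: caller supplies the host list
    [int]$Days = 7,                                  # how far back to look
    [string]$OutFile = '.\ntlm-audit.csv'            # hypothetical output path
)

# Audit-only events written to the NTLM operational log.
$auditIds = @{
    8001 = 'Outgoing NTLM (client)'
    8002 = 'Incoming NTLM (server)'
    8003 = 'Domain NTLM (member server)'
    8004 = 'Domain NTLM (domain controller)'
}
$filter = @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = [int[]]@($auditIds.Keys)
    StartTime = (Get-Date).AddDays(-$Days)
}

$rows = @(foreach ($computer in $ComputerName) {
    try {
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent also errors when nothing matches; record it and move on.
        Write-Warning "${computer}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Flatten the named EventData fields so each event becomes one CSV line.
        $fields = foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            if ($d.Name) { '{0}={1}' -f $d.Name, $d.'#text' }
        }
        [pscustomobject]@{
            Computer    = $computer
            TimeCreated = $e.TimeCreated
            Id          = $e.Id
            AuditType   = $auditIds[$e.Id]
            Fields      = $fields -join '; '
        }
    }
})

$rows | Export-Csv -Path $OutFile -NoTypeInformation
# Per-computer, per-type counts show where NTLM is still in use.
$rows | Group-Object Computer, AuditType | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Reading logs remotely with `Get-WinEvent -ComputerName` requires remote event log access to each target; in larger environments the same filter can drive an Event Subscription instead.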