Policy
Block NTLM (LM, NTLM, NTLMv2)
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows11, WindowsServer2025
This policy controls if the SMB client will block NTLM for remote connection authentication. If you enable this policy setting, the SMB client won't use NTLM for remote connection authentication. If you disable or do not configure this policy setting, the SMB client can still use NTLM.
Internal name
Pol_BlockNTLM
Policy ID
5bdea4597e3e
Elements
0
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation\BlockNTLM | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAlternative Port MappingsAt least Windows Server 2025, Windows 11
- ComputerAudit insecure guest logonAt least Windows Server 2025, Windows 11
- ComputerAudit server does not support encryptionAt least Windows Server 2025, Windows 11
- ComputerAudit server does not support signingAt least Windows Server 2025, Windows 11
- ComputerBlock NTLM Server Exception ListAt least Windows Server 2025, Windows 11
- ComputerCipher suite orderAt least Windows Server 2016, Windows 10
- ComputerDisable SMB compressionAt least Windows Server 2022, Windows 11
- ComputerDisabled SMB over QUIC Server Exception ListAt least Windows Server 2025, Windows 11
- ComputerEnable Alternative PortsAt least Windows Server 2025, Windows 11
- ComputerEnable insecure guest logonsAt least Windows Server 2016, Windows 10
- ComputerEnable remote mailslotsAt least Windows Server 2025, Windows 11
- ComputerEnable SMB over QUICAt least Windows Server 2025, Windows 11