Policy

NTLM Enhanced Logging

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategorySystem > NTLM
Supported onAt least Windows 11 Version 24H2

Supported OS tags: Windows11

This policy setting allows the NTLM security package to log the new, enhanced auditing logs for both clients and servers. These enhanced logs have information about what is using NTLM, why NTLM is being used, and the destination of the NTLM authentication request. They also have information about NTLMv1 usage and other security downgrades. If you enabled or do not configure this policy, the new auditing logs will be generated. If you disable the policy, the new logs are not generated.

Internal name
LogEnhancedNtlmAudits
Policy ID
9a4c1d9d72f7
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\NTLM\Parameters\LogEnhancedAuditEventsREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.