This might not be the EXACT forum to post, but it seems the other Windows 2008 R2 forums are set to read only. Here's my issue/question: Our enterprise is running an old version of a Solaris system that requires NTLM authentication Version 1 to function. There is no easy way to set the application/system to utilize NTLM version 2. It would require effectively rebuilding the platform and infra, which there is no appetite for, as the system is dated. We recently migrated to Windows 2008 R2 on our domain controllers. Now when the application tries to authenticate, it fails, as we no longer allow NTLM version 1 in the environment. My question is this: I am aware of a GPO setting which enables building an "Exception List" of servers that are allowed to authenticate using NTLM. I would like to know if the GPO, or any GPO allows you to specify which version of NTLM the GPO applies to. For example, is it possible to: Enable NTLM version 2 authentication (All clients/servers) Disable NTLM version 1 authentication (All clients/servers EXCEPT servers A B C etc) Thanks in advance, Rick

Hi, The policy you mentioned is used to disable NTLM and may not help in this case as NTLM is enabled by default in Windows Server 2008 R2. Please configure the Network security: Lan Manager authentication level policy instead. The default setting is Send NTLMv2 response only in Windows Server 2008 R2. You can change the setting based on your requirement. http://support.microsoft.com/kb/823659 " Windows 7 and Windows Server 2008 R2: Many third-party CIFS servers, such as Novell Netware 6 or Linux-based Samba servers, are not aware of NTLMv2 and use NTLM only. Therefore, levels greater than "2" do not permit connectivity. Now in this version of the operating system, the default for LmCompatibilityLevel was changed to "3". So when you upgrade Windows, these 3rd party filers may stop working. "This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.