Disabling NTLM, The Sagiss Way

To increase security, we are disabling NTLM (NT LAN Manager) for our clients.

We have already started the disabling process for some clients and will continue moving the rest of our clients away from NTLM.

What is NTLM?

NTLM is a Microsoft protocol for authenticating hosts on a local network.

NTLM was first introduced in Windows NT 3.1 in 1993. Version 2 was introduced in 1996. Despite its age, NTLM has stuck around due to concerns that a newer solution may not work with legacy applications such as printers and file servers.

Why is Sagiss discontinuing use of NTLM?

From a security standpoint, NTLM is not an ideal authentication protocol: it has a number of known vulnerabilities.

NTLM is not being deprecated. The decision to disable NTLM is based purely on security concerns.

Microsoft now suggests that users drop NTLM in favor of Kerberos.

What is Kerberos?

Kerberos is an authentication protocol included in Windows 2000 and later releases.

Kerberos is generally more secure than NTLM, due in large part to improved cryptography.

How will Sagiss disable NTLM for clients?

The process is quite simple and requires little to no action on the part of our clients.

Our service techs will first disable NTLM and then ensure that all applications are still working properly. Kerberos should automatically pick up where NTLM leaves off.

But as always, we encourage our clients to notify us of any issues that may arise from the change.