A recurring entry in the Event logs is this one: Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server.
The accompanying link is to a page explaining a very labour-intensive job on how to create audit logs to figure out what applications actually use NTLM. Did some searching on the topic, but just about every site explaining how to get rid of NTLM use the same procedures; just disabling NTLM can be disastrous. Nice foresight. Thing is; I have no clue what to look for? I enabled the proposed Audits and looked at the results. And they make little sense.
We have a pretty bog-standard Windows domain with Windows 10 clients and a Hyper-V 2016 server with two VM’s running Windows server 2016. One as Domain controller / Files Server and one for Exchange 2016. Applications we use are Office 2019 and Autodesk AEC Collection.
Looks pretty ‘modern’ to me so I wonder what would happen if I just disable NTLM. And if this will cause major havoc, then would one even consider switching off NTLM?
