NTLM disabled on clients

[Pablo E. Colazurdo]

i'm running into some issues because a joined company migrated their
NT4 domain to Mixed AD but we forgot to put the NT4Emulator registry
hack before doing the upgrade so several of my servers are trying the
contact their server by using Kerberos. the problems is that we have
several machines that are not able to use Kerberos due firewalls
policies. Is there anyway to hack the client behavior and make them use
NTLM again?

Thanks a lot,
Pablo

 

[Chriss3]

Hello Pablo, You may use Group Policy to apply the registery setting or a
logon script.

To neutralize Windows NT 4.0 emulation

1.. In the registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
2.. Click Edit, click New, and then click DWORD Value.
3.. For the new entry name, type NeutralizeNT4Emulator, and then press
ENTER.
4.. Double-click the entry name that you typed in the previous step.
5.. In the Edit DWORD Value dialog box, type 1 in the Value data: box, and
then click OK.
6.. Click Registry, and then click Exit to close the registry editor.

 

[Pablo E. Colazurdo]

Hello Pablo, You may use Group Policy to apply the registery setting
or a logon script.

To neutralize Windows NT 4.0 emulation

1.. In the registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Paramete
rs 2.. Click Edit, click New, and then click DWORD Value.
3.. For the new entry name, type NeutralizeNT4Emulator, and then
press ENTER.
4.. Double-click the entry name that you typed in the previous step.
5.. In the Edit DWORD Value dialog box, type 1 in the Value data:
box, and then click OK.
6.. Click Registry, and then click Exit to close the registry
editor.

But, AFAIK this entry will let my users to use kerberos even when
NT4Emulator is in place. I need to do the other way around. To force
the computers to use NTLM even when they already know they can use
Kerberos.