Log Enhanced Domain-wide NTLM Logs
Supported on: At least Windows 11 Version 24H2
Registry
HKLM
Software\Policies\Microsoft\Netlogon\Parameters Value name: EnableEnhancedDomainNtlmLogs
Enabled: EnableEnhancedDomainNtlmLogs = 1
Disabled: EnableEnhancedDomainNtlmLogs = 0
Description
This policy setting configures whether the domain controllers to which this setting is applied will log the new, enhanced domain-wide NTLM logs. These logs contain more information about NTLM authentication on a domain-wide level, including NTLMv1 usage. If enabled, domain controllers will log the new domain-wide NTLM logs. If disabled, domain controllers will not log the new domain-wide NTLM logs. If not configured, domain controllers will default to logging the new domain-wide NTLM logs. More information is available at aka.ms/ntlmlogandblock.