en-US

Log Enhanced Domain-wide NTLM Logs

Supported on: At least Windows 11 Version 24H2

Registry

HKLM Software\Policies\Microsoft\Netlogon\Parameters

Value name: EnableEnhancedDomainNtlmLogs

Enabled: EnableEnhancedDomainNtlmLogs = 1

Disabled: EnableEnhancedDomainNtlmLogs = 0

Description

This policy setting configures whether the domain controllers to which this setting is applied will log the new, enhanced domain-wide NTLM logs. These logs contain more information about NTLM authentication on a domain-wide level, including NTLMv1 usage. If enabled, domain controllers will log the new domain-wide NTLM logs. If disabled, domain controllers will not log the new domain-wide NTLM logs. If not configured, domain controllers will default to logging the new domain-wide NTLM logs. More information is available at aka.ms/ntlmlogandblock.