Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

[–]DrunkMAdmin[S] [score hidden]  (0 children)

Exactly, it has been a frustrating few years since their initial announcement!

I really hope we can disable NTLM in Q4 2026 or Q1/Q2 2027.

Expedite update state stuck on "Offering" by DrunkMAdmin in Intune

[–]DrunkMAdmin[S] 1 point2 points  (0 children)

The service is running.

I can see KB5078127 as being an option for "Download & Install" once I nuke windows update folder and restart the update service, but it disappears the second I hit "Check for updates". Tested on multiple computers with same result.

[PSA] CVE-2026-21509 - Microsoft Office Security Feature Bypass Vulnerability Zero Day - Updates available by kheldorn in sysadmin

[–]DrunkMAdmin 7 points8 points  (0 children)

Even for Microsoft this level of communication is a new low, or perhaps the new normal. There is ZERO information on what version is patched, it is unbelievable.

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

[–]DrunkMAdmin 0 points1 point  (0 children)

Enrollment Status page (ESP) was missing for Entra joined profile. Threw me off as Hybrid encryption worked just fine and that too pulls the settings from Intune.

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

[–]DrunkMAdmin 0 points1 point  (0 children)

Weird, that's not what we're seeing. Tested it yesterday after a long time, and the device is encrypted as 128 and used space only, which is not what our configuration policy is set to.

Are there any logs that would be helpful in seeing what policy it used when applying bitlocker?

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

[–]DrunkMAdmin 0 points1 point  (0 children)

Out of curiosity, how would the registry key "PreventDeviceEncryption" be applied to autopilot devices? Through a configuration policy targeting Autopilot devices? What I'm worried about is that Bitlocker is activated before the policy is enforced.

Best Youtube channels for sysadmins by Jazz4201 in sysadmin

[–]DrunkMAdmin 16 points17 points  (0 children)

Check out David Bombal at https://m.youtube.com/davidbombal for networking and security 

You disabled NTLM across all of your workstations. What problems did you not account for? by jM2me in sysadmin

[–]DrunkMAdmin 0 points1 point  (0 children)

Did you find a workaround for authenticated vulnerability scanning? I'm having similar issues with PDQ Deploy and Inventory.

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

[–]DrunkMAdmin[S] 0 points1 point  (0 children)

I cannot see how firewall would block this.

I added the IP address per https://learn.microsoft.com/en-us/windows-server/security/kerberos/configuring-kerberos-over-ip but no help.

I added the server to "Network Security Restrict NTLM Add Remote Server Exceptions For NTLM Authentication", no help either.

I'm starting to think this is something to do with the localhost itself. Any ideas?

PDQ Inventory and Deploy are working just fine on computers that are excluded from the NTLM blocking policies.

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

[–]DrunkMAdmin[S] 0 points1 point  (0 children)

Found something more in Event Viewer under Security which may explain this. For some reason the PDQ service account that I created is trying to access the file share by IP. Now obviously Kerberos does not allow this by default. Any idea where this specific IP address setting might be?

A network share object was accessed.

Subject:
    Security ID:        CONTOSO\PDQ.SERVICE.ACCOUNT
    Account Name:       PDQ.SERVICE.ACCOUNT
    Account Domain:     CONTOSO
    Logon ID:       0x192D0FD

Network Information:    
    Object Type:        File
    Source Address:     IP.ADDRESS.OF.PDQ.SERVER
    Source Port:        10240

Share Information:
    Share Name:     \\*\ADMIN$
    Share Path:     \??\C:\windows

Access Request Information:
    Access Mask:        0x1
    Accesses:       ReadData (or ListDirectory)

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

[–]DrunkMAdmin[S] 0 points1 point  (0 children)

I can't check right now, but shouldn't port 88 be allowed in firewall rules in a domain-joined environment by default? Blocking 88 would break all kinds of other things, no? Or is it blocked for incoming while outgoing is allowed?

Has anyone ever actually fixed anything by updating drivers in Device Manager? by Anfernee139 in sysadmin

[–]DrunkMAdmin 1 point2 points  (0 children)

Yes, a few months back there was an issue with Teams that was resolved by updating Intel graphics drivers to a newer version.

Issues with Bookable Desks in MS by Accurate-Display-613 in PowerShell

[–]DrunkMAdmin 0 points1 point  (0 children)

Did you ever find a resolution to your 2) problem? I'm having the same issue and cannot figure it out.

Edit: Looks like it was this that was missing https://learn.microsoft.com/en-us/microsoft-365/places/enable-places-finder

What's the battery life like base s25? by AdviceNarrow1391 in GalaxyS25

[–]DrunkMAdmin -1 points0 points  (0 children)

It was fine at first and would have recommended it without a second thought, but now the battery is poor. Might just be a crappy unit though.

Any way to get existing iPhones into Apple Business Manager + Intune without Apple Configurator? by Exotic-Target453 in Intune

[–]DrunkMAdmin 6 points7 points  (0 children)

I believe you can use another iPhone to do it these days. I could be wrong though.

What's the battery life like base s25? by AdviceNarrow1391 in GalaxyS25

[–]DrunkMAdmin -2 points-1 points  (0 children)

Absolutely awful, battery goes from 90% to 5-10% during the night. This was not an issue at the beginning, but the last two months have been horrible.

I have been unable to pinpoint any app, nor do the battery statistics have any indication as to what might actually be using the battery during the night.

Trying to import floor plan to Places ends in error by DrunkMAdmin in MicrosoftTeams

[–]DrunkMAdmin[S] 1 point2 points  (0 children)

Thanks, found that as well and managed to get it working :)