Microsoft is planning an important step in the development of its operating systems. The NTLM protocol, a long-standing component of Windows authentication, will be partially removed in Windows 11 and Server 2025. This change affects the security functions and authentication protocols of many systems.
The removal of the NTLM protocol in Windows 11 begins with version 24H2. Microsoft has already removed NTLMv1 from both systems. Instead, the company recommends replacing NTLM calls with Negotiate, which tries Kerberos first for authentication.
This measure is part of Microsoft's efforts to improve the security of its operating systems. The focus is particularly on preventing NTLM relay attacks, which have often led to security problems in the past.
Important findings
- NTLMv1 has been removed from Windows 11 24H2 and Windows Server 2025
- Microsoft recommends switching to the Negotiate protocol
- Kerberos is preferred as the more secure alternative
- The change is intended to prevent NTLM relay attacks
- Documentation for Windows 11 and Server 2025 will be updated
What is the NTLM protocol?
The NTLM protocol plays an important role in Windows network services and LAN communication. It is used to authenticate users and computers in Windows networks.
Basics of the NTLM protocol
NTLM stands for New Technology LAN Manager and was developed by Microsoft. It enables secure logon to Windows systems and access to network resources. The protocol uses a challenge-response method to verify identity.
History and development
NTLM was introduced in the 1990s and has gone through several versions since then. The most important are:
- LANMAN: The original version
- NTLMv1: An improved version with stronger encryption
- NTLMv2: The latest version with additional security features
Use in modern systems
Although NTLM is considered obsolete, it is still used in many systems. It often serves as a fallback solution when more modern protocols are not available. In Windows 11 and Server 2025, Microsoft plans to partially remove NTLM to improve security.
NTLM is a robust protocol, but newer technologies offer better protection for modern networks.
The gradual abandonment of NTLM can also be seen in other areas. Windows Server Update Services is no longer being actively developed, and the SMTP server functions have been removed from Windows Server 2025. These changes underline Microsoft's efforts to continuously improve the security and efficiency of Windows network services.
Reasons for the removal of the NTLM protocol
Microsoft has announced that it will remove the NTLM protocol from Windows 11 and Server 2025. This decision is based on several important factors relating to the security and modernity of the operating systems.
Security concerns
NTLM has significant security weaknesses that make it susceptible to cyber attacks. The main problem is NTLM relay attacks, which are often directed against Active Directory. These attacks exploit weaknesses in the protocol to gain control over domain controllers. The outdated security functions of the NTLM protocol can no longer effectively fend off modern threats.
Modernization of authentication processes
Microsoft is striving to improve its authentication methods. Kerberos, the successor to NTLM, offers significant security advantages. It uses tickets and mutual authentication, which increases security. Kerberos also limits the validity of a ticket to a time window, which makes replay attacks more difficult. The switch to Kerberos enables better password hashing and stronger protection against pass-the-hash attacks.
Compatibility with new technologies
The removal of NTLM opens the way for new technologies. Microsoft is developing new Kerberos functions such as IAKerb and Local KDC as alternatives to NTLM authentication. These innovations are intended to improve the security and flexibility of authentication in Windows 11. Companies are encouraged to familiarize themselves with more modern methods such as multi-factor authentication in order to future-proof their systems.
Effects on Windows 11 users
The removal of the NTLM protocol brings some changes for Windows 11 users. With the update to Windows 11 24H2, users have to adapt to a new way of handling user authentication. This system update aims to improve security and promote modern authentication methods.
Changes in the user experience
Users will notice that some older applications may no longer work as usual. User authentication now takes place via more secure protocols. This can initially cause confusion, but it improves the protection of personal data in the long term.
Necessary adjustments
To work smoothly with Windows 11 24H2, some adjustments are necessary:
- Updating applications to the latest versions
- Checking and adapting network configurations
- Switching to Kerberos or Negotiate for authentication
Support for alternatives
Microsoft recommends switching to alternative authentication methods. Kerberos is the preferred choice for secure network authentication. Users should familiarize themselves with these alternatives in order to benefit from the advantages of improved security.
The changeover may seem challenging at first, but it is an important step towards improving IT security. With the right preparation and support, Windows 11 users can successfully navigate these changes and benefit from a more secure operating system.
NTLM in the context of Server 2025
With the introduction of Windows Server 2025, there are important changes for corporate security. Microsoft is increasingly relying on modern authentication methods and improved network transport technologies.
Significance for companies
Windows Server 2025 brings decisive innovations for companies. The removal of NTLMv1 forces companies to review their server infrastructure. A key improvement is the default activation of Credential Guard on all compatible devices.
Migration to safe alternatives
For a smooth migration, Microsoft recommends switching to Kerberos. Windows Server 2025 now also supports Windows Terminal, which makes administration easier. The new operating system also enables an upgrade from up to four previous versions, starting with Windows Server 2012 R2.
Risk analyses and new requirements
IT administrators need to familiarize themselves with new security features. One important new feature is the optional 32K database page size for Active Directory services. This requires DomainLevel 10 and ForestLevel 10 for installation and significantly improves scalability.
Feature | Impact |
---|---|
Credential Guard | Activated by default |
32K database page size | Improved AD scalability |
Windows Terminal | Simplified server administration |
Alternatives to the NTLM protocol
With the removal of NTLM in Windows 11 and Server 2025, secure alternatives are coming into focus. Microsoft relies on modern authentication to increase security and make systems future-proof.
Kerberos: The preferred choice
Kerberos is Microsoft's preferred alternative to NTLM. It has been the standard for authentication in domains since Windows 2000. Kerberos offers improved security through mutual authentication and single sign-on.
Microsoft's recommendations for users
Microsoft has been advising developers not to use NTLM for over ten years. Administrators should deactivate NTLM or configure servers so that NTLM relay attacks can be blocked. Two new Kerberos functions are in the works: IAKerb and Local KDC. These are to be introduced in Windows 11 in order to use Kerberos even more widely.
Other authentication protocols
The Negotiate protocol is a flexible solution. It first attempts authentication via Kerberos and only resorts to NTLM if necessary. Companies can also consider other modern authentication protocols depending on their requirements.
Protocol | Advantages | Field of application |
---|---|---|
Kerberos | High security, single sign-on | Domain environments |
Negotiate | Flexibility, backward compatibility | Mixed environments |
OAuth 2.0 | Token-based, good for web apps | Cloud services |
The switch to these secure protocols is an important step towards improving IT security in companies. Users should familiarize themselves with the alternatives at an early stage to ensure a smooth transition.
Preparation for the removal of the NTLM protocol
The removal of the NTLM protocol requires careful preparation. IT departments need to thoroughly review and adapt their systems to ensure a smooth transition.
Best practices for the IT department
The following steps are recommended for a successful switch to secure alternatives:
- Carrying out an NTLM audit to analyze current usage
- Step-by-step migration to Kerberos as the primary authentication protocol
- Checking the compatibility of applications and services
- Implementation of IT security best practices in Active Directory
Network configuration plays a decisive role in adapting systems. IT teams should ensure that all components are compatible with the new security standards.
Instructions for adapting systems
Microsoft provides detailed support articles to help with adapting systems:
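The NTLM audit in the first step above, as an added example that is not part of the original article: it enables the audit-only mode of the "Restrict NTLM" policies through their underlying registry values and then summarizes the NTLM Operational log so that the remaining NTLM users (the migration work items) become visible. The event field names marked as assumptions may differ between event IDs; the raw field dump is kept so nothing is lost.

```powershell
# Added example, not from the original article: enable NTLM auditing and report
# what still authenticates with NTLM. Run elevated. The registry values are the
# ones behind the "Network security: Restrict NTLM: ..." Group Policy settings;
# in a domain, set them through a GPO instead of editing each host.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
# Outgoing NTLM from this host: 0 = allow, 1 = audit, 2 = deny
Set-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
# Incoming NTLM to this host: 0 = off, 1 = domain accounts, 2 = all accounts
Set-ItemProperty -Path $lsa -Name AuditReceivingNTLMTraffic -Value 2 -Type DWord
# On domain controllers only: NTLM authentication in the domain, 7 = audit all
if ((Get-CimInstance Win32_OperatingSystem).ProductType -eq 2) {
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
        -Name AuditNTLMInDomain -Value 7 -Type DWord
}

# After a representative period (include month-end jobs), summarize the log.
# 8001 = outgoing NTLM (client), 8002 = incoming NTLM (server),
# 8003 = domain-account NTLM on a DC, 8004 = NTLM authentication in the domain
function Get-NtlmUsageReport {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $filter = @{ LogName = 'Microsoft-Windows-NTLM/Operational'
                 Id = 8001, 8002, 8003, 8004; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
      ForEach-Object {
        # The EventData fields differ per event ID, so read them generically
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Assumption: the target/workstation and process field names used below
        $target = if ($data['TargetName']) { $data['TargetName'] } else { $data['WorkstationName'] }
        [pscustomobject]@{ Id = $_.Id; Time = $_.TimeCreated; Computer = $_.MachineName
                           Target = $target; Process = $data['ProcessName']
                           Raw = ($data.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ';' }
      }
}
# Most frequent NTLM sources first: these are the migration work items
Get-NtlmUsageReport | Group-Object Id, Target, Process | Sort-Object Count -Descending |
  Select-Object Count, Name | Format-Table -AutoSize
```

Keep the hosts in audit mode until the report stays empty for a full business cycle; only then move the same policies from audit to deny.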
- Instructions for enforcing a minimum NTLM version via SMB
- Step-by-step instructions for deactivating NTLM
- Setting up exceptions for critical systems that still require NTLM
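The three instructions above (minimum NTLM version via SMB, deactivating NTLM, and an exception for a system that still needs it), as an added example that is not from the original article or from Microsoft's own articles. It assumes a Windows 11 24H2 or Windows Server 2025 host; LEGACYFS01 is a constructed placeholder, and the name of the SMB exception-list parameter is an assumption.

```powershell
# Added example, not from the original article: enforce NTLMv2 as the minimum,
# block NTLM for SMB and drop SMB1 on a Windows 11 24H2 / Server 2025 host.
# Run elevated; in a domain, carry the same settings in a GPO. LEGACYFS01 is a
# constructed placeholder for a file server that cannot do Kerberos yet.

# "Network security: LAN Manager authentication level" = 5:
# send NTLMv2 responses only and refuse LM and NTLMv1 on incoming requests
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name LmCompatibilityLevel -Value 5 -Type DWord

# SMB1 cannot carry modern signing or encryption: remove the client component
# (on Windows Server the feature is FS-SMB1, removed with Remove-WindowsFeature)
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Require SMB signing: a relayed NTLM session has no session key and cannot sign
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

# SMB client NTLM blocking (new in 24H2 / Server 2025): outbound SMB connections
# must use Kerberos; the exception list keeps the one legacy server reachable
# (assumption: the exception-list parameter name as used in Microsoft's SMB docs)
Set-SmbClientConfiguration -BlockNTLM $true -Force
Set-SmbClientConfiguration -BlockNTLMServerExceptionList @('LEGACYFS01') -Force

# Verify the resulting state
Get-SmbClientConfiguration | Select-Object BlockNTLM, BlockNTLMServerExceptionList, RequireSecuritySignature
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, RequireSecuritySignature
Get-ItemPropertyValue -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LmCompatibilityLevel
```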
When implementing these measures, it is important to maintain a balance between security and functionality. Thorough planning and step-by-step implementation can minimize potential disruptions and improve IT security in the long term.
Support and resources for users
Microsoft offers extensive support when switching from NTLM to newer authentication protocols. Users will find numerous resources to help them with this process.
Official Microsoft documentation
The official documentation from Microsoft is a valuable source of detailed information. It is regularly updated and translated into several languages. Users can find there:
- Step-by-step instructions for the changeover
- Technical specifications for Kerberos and other alternatives
- Safety instructions and best practices
Forums and community support
Community forums offer a platform for sharing experiences. Users can:
- Ask questions and get answers from experts
- Get tips from other users
- Find solutions for specific problems
Microsoft support also publishes technical blogs that offer deeper insights into the topic.
Resource | Description | Advantages |
---|---|---|
Official Documentation | Detailed technical information | Reliable, up-to-date, multilingual |
Community forums | Platform for user questions and answers | Practical solutions, exchange of experience |
Technical blogs | In-depth analysis and explanations | Expert knowledge, current developments |
By utilizing these resources, users can successfully manage the transition from NTLM to more secure authentication methods.
Frequently asked questions about NTLM removal
The NTLM migration raises many questions. Here we clarify the most important points regarding implementation and the consequences for existing applications.
How is the removal implemented?
Microsoft has removed NTLMv1 from Windows 11 with the 24H2 update. Windows Server 2025 has been updated accordingly. The removal takes place step by step through system upgrades. Administrators are prompted to replace NTLM calls with the Negotiate protocol. Microsoft is relying on new security functions:
- Extended Protection for Authentication (EPA)
- LDAP Channel Binding
These measures are intended to curb NTLM relay attacks and restrict authentication to predefined servers.
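An added example, not from the original article, of rolling out the two measures just named (and the LDAP signing and channel binding the conclusion lists) on a domain controller in an audit-first way, plus Extended Protection for Authentication on an IIS site. The NTDS registry values are the ones Microsoft documents for LDAP signing and channel binding; the order of the event 2889 fields and the IIS site name are assumptions.

```powershell
# Added example, not from the original article: roll out LDAP signing and channel
# binding on a domain controller in two phases (audit, then enforce), plus EPA on
# an IIS site. Run as an administrator on the DC.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

# Phase 1, audit: "16 LDAP Interface Events" = 2 makes the DC log event 2889
# for every client that binds without signing or does a cleartext simple bind
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

function Get-UnsignedLdapClients {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    $filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Assumption on field order: [0] client IP:port, [1] identity, [2] bind type
        [pscustomobject]@{
            Client   = $_.Properties[0].Value
            Identity = $_.Properties[1].Value
            BindType = $_.Properties[2].Value
        }
    } | Group-Object Client, Identity, BindType | Sort-Object Count -Descending
}
# Every row is a client to fix (enable signing, or move it to LDAPS) before phase 2
Get-UnsignedLdapClients | Select-Object Count, Name | Format-Table -AutoSize

# Phase 2, enforce: LDAPServerIntegrity 2 = require signing;
# LdapEnforceChannelBinding 2 = always require channel binding tokens on LDAPS
Set-ItemProperty -Path $ntds -Name LDAPServerIntegrity -Value 2 -Type DWord
Set-ItemProperty -Path $ntds -Name LdapEnforceChannelBinding -Value 2 -Type DWord

# Extended Protection for Authentication on an IIS site with Windows
# authentication (assumption: the site name). tokenChecking 'Require' makes IIS
# reject Windows-auth tokens that lack the expected channel/service binding.
Import-Module WebAdministration
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location 'Default Web Site' `
    -Filter 'system.webServer/security/authentication/windowsAuthentication/extendedProtection' `
    -Name tokenChecking -Value 'Require'
```

Apply phase 2 only after the phase 1 report has been empty for long enough to cover every scheduled job; a client listed there will fail to bind once signing is required.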
What happens to existing applications?
Application compatibility is a key challenge. Many companies still use legacy applications with integrated NTLM authentication. These need to be adapted or replaced. Developers should check their code for hard-coded NTLM implementations. For the transition period, Active Directory offers group policies to restrict and monitor NTLM usage.
Companies that use self-service password reset solutions need Kerberos-compatible tools such as Specops uReset. Microsoft recommends Kerberos as a secure authentication protocol and is strengthening its functionality in Windows 11:
- IAKerb Public Extension
- Kerberos support for local accounts with AES encryption
The NTLM migration and the associated system upgrades require careful planning. Companies should review and gradually adapt their IT infrastructure to ensure a smooth transition.
Future outlook: Authentication in Windows
The future of authentication in Windows promises exciting developments. With the planned removal of NTLM in Windows 11 and Server 2025, new trends in IT security are emerging.
Trends in IT security
Modern authentication methods are gaining in importance. Multi-factor authentication and biometric methods are coming to the fore. Windows 11 IoT Enterprise LTSC 2024 introduces improved security features, including enhanced options for Braille displays and live captions.
Cybersecurity trends are also reflected in the further development of the Task Manager. New functions such as the efficiency mode for limiting the resource utilization of processes and extended filter options improve system security.
The role of artificial intelligence
AI in IT security is becoming increasingly important. Microsoft is investing in the development of advanced security technologies for future versions of Windows. These AI-supported systems are designed to detect and ward off threats at an early stage.
One example of the use of AI is the improvement of remote access security. Windows 11 IoT Enterprise LTSC 2024 offers enhanced connection designs and new zoom options for Remote Desktop that are optimized by AI.
The future of authentication in Windows relies on a combination of advanced protocols such as Kerberos and AI-supported security mechanisms. This development promises more robust protection against cyber attacks and an improved user experience.
Conclusion: NTLM and the need for adaptation
IT security modernization is an important step for the future of Windows. The removal of the NTLM protocol marks a turning point in the security landscape of Microsoft systems.
Summary of the most important points
The abolition of NTLM requires comprehensive adaptation strategies. Companies need to review their systems and switch to more secure alternatives such as Kerberos. This applies to both Windows 11 and Server 2025.
- SMB v1 and NTLM v1 are outdated and insecure
- LDAP signing and channel binding improve security
- Adjustment of user rights is necessary
Outlook on developments
The future of Windows will be characterized by continuous improvement in security. New technologies such as AI will play an important role. IT managers must remain vigilant and update their systems regularly.
Measure | Meaning |
---|---|
Switch to SMB v2/v3 | Increased security and performance |
Change to Kerberos | Secure authentication mechanism |
Regular audits | Early detection of security vulnerabilities |
IT security modernization is an ongoing process. Companies must continuously adapt their strategies to keep pace with constantly evolving threats.
The future of Windows depends to a large extent on the ability to adapt to new security standards. Only through proactive action and the implementation of effective adaptation strategies can companies protect their IT infrastructure in the long term.
Further information and links
For IT professionals and interested users, there are numerous ways to find out about the changes to the NTLM protocol. Microsoft resources provide comprehensive details on the planned removal and the impact on Windows 11 and Server 2025.
Useful websites and articles
The official Microsoft documentation is a valuable source of technical information. There you will find instructions for implementing Kerberos and other secure authentication methods. IT security blogs offer additional insights into best practices and current developments in the field of network security.
Contact persons and support options
For specific questions, various support channels are available. The Microsoft support team offers direct help with the migration from NTLM to more secure protocols. IT experts can exchange experiences and receive practical tips on the changeover in specialist forums. Regular updates from Microsoft should be followed in order to stay informed about the latest security recommendations.