Now certain: Microsoft finally kicks NTLM out of Windows
Redmond announced the move six months ago, and now it's official: "NT LAN Manager" will be discontinued after the next Windows release.
No version of NTLM will be developed further, and all of them are now considered obsolete (deprecated). With this statement, Microsoft has substantiated its announcement from last October and is drawing a line under the "New Technology LAN Manager", for many years the standard authentication protocol in Windows networks.
As Microsoft writes in its overview of obsolete features, this affects LANMAN as well as NTLMv1 and NTLMv2 in server and client versions of Windows. However, NTLM is still supported in the 2025 server release and the upcoming 24H2 update for Windows 11.
Last year, the timeline for NTLM deprecation still seemed shaky. In the first announcement on the "Evolution of Authentication in Windows", Microsoft spoke of a "data-driven approach" to determine the spread of the protocol. The data now seems to indicate that it will soon be abolished.
The main reason for the move away from NTLM is security concerns. Kerberos is simply more flexible and more reliable, according to the software company, which has now recreated practically all the key functions of the old authentication protocol in the new one.
Users should initiate the changeover now
Even back then, Redmond recommended that its customers catalog NTLM usage in their networks to make the switch easier. Application developers should also take action and switch their API calls to the successor, Negotiate. Corresponding technical articles are available on the Microsoft help pages.
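One way to start the catalog recommended above, as an added example that does not come from Microsoft or heise: tally NTLM logons from exported Security log events (ID 4624) by protocol version, account and source host. It assumes the export is event XML wrapped in a single root element; the accounts, hosts and sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FIELDS = ("LmPackageName", "TargetUserName", "WorkstationName")

def ntlm_inventory(xml_text):
    """Count NTLM logons (event 4624) per (LmPackageName, account, source host)."""
    counts = Counter()
    for event in ET.fromstring(xml_text).findall("e:Event", NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in event.findall("e:EventData/e:Data", NS)}
        # Kerberos and Negotiate logons are not part of the NTLM inventory.
        if data.get("AuthenticationPackageName") != "NTLM":
            continue
        counts[tuple(data.get(f) or "?" for f in FIELDS)] += 1
    return counts

def pre_v2(counts):
    """Entries whose package is not NTLM V2 (for example NTLM V1), sorted."""
    return sorted(k for k in counts if k[0] != "NTLM V2")

def _sample_event(user, package, lm, host):
    # Constructed record, trimmed to the fields read above.
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4624</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="AuthenticationPackageName">{package}</Data>'
            f'<Data Name="LmPackageName">{lm}</Data>'
            f'<Data Name="WorkstationName">{host}</Data></EventData></Event>')

# Constructed sample data: hypothetical accounts and hosts.
SAMPLE = "<Events>" + "".join([
    _sample_event("svc-backup", "NTLM", "NTLM V2", "FILESRV01"),
    _sample_event("svc-backup", "NTLM", "NTLM V2", "FILESRV01"),
    _sample_event("scanner", "NTLM", "NTLM V1", "PRINTER07"),
    _sample_event("alice", "Kerberos", "-", "-"),
]) + "</Events>"

if __name__ == "__main__":
    inventory = ntlm_inventory(SAMPLE)
    for (lm, user, host), n in inventory.most_common():
        print(f"{n:4d}  {lm:8s} {user:12s} {host}")
    print("pre-NTLMv2 callers:", pre_v2(inventory))
```

The resulting list of accounts and hosts shows which systems still depend on NTLM and which of them have not even reached NTLMv2.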
(cku)