If you only ever want to see NTLMv2 authentication traffic, you'll want to make sure your policy setting for the LAN Manager authentication level is set to "Send NTLMv2 response only/refuse LM & NTLM". Otherwise, domain controllers will still accept LM and NTLM authentication from the server; the client itself (assuming it has the policy) should only use NTLMv2 authentication.

It gets murky for me when you're using a proxy, since I'm not sure it technically constitutes a "client" when it's passing credentials onward to the domain controller, so the "Send NTLMv2 response only/refuse LM & NTLM" setting should remove any worry of that. Of course, this same setting needs to be applied to all three computers (client, proxy, and domain controller).

Here's a fairly verbose Knowledge Base article that goes into more depth.

http://support.microsoft.com/kb/823659

On Tue, Jan 12, 2010 at 1:06 AM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:

> ISA and TMG call Windows standard SSPI mechanisms.
>
> Since it’s within these mechanisms that NTLMv# is enforced, however you
> configure Windows is how ISA/TMG will behave.
>
> ..just like limiting SChannel to SSLv3 or TLS or 128-bit ciphers; we let
> SChannel and SSPI do its tang.
>
> Us don bee reinventing dem weelz, no.
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Thor (Hammer of God)
> *Sent:* Monday, January 11, 2010 7:18 PM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] NTLMv2 Auth Listener
>
> If I have a listener requiring NTLM or proxy requiring Windows Integrated
> Authentication, and I have the policy set to require NTLMv2, that is
> enforced and used, correct? Specifically, if I have an Integrated auth proxy
> listener requiring authentication, and I enter my domain\username and
> password, that particular pair is used for NTLMv2 auth, and is thus “immune”
> from Rainbow Table attacks (unless, of course, CUSTOM rainbow tables were
> generated with all known domains). Just making sure as I’m seeing what
> looks like Negotiate NTLMv2 auth against my internal proxy listener, which
> makes me a happy boy, and am making a point against Rainbow Table
> attacks. And no Greg, this “rainbow table” is quite different than where
> you normally sit in Aussie bars.
>
> t
>
> ____________________
>
> *Timothy (Thor) Mullen*
>
> *thor@xxxxxxxxxxxxxxx*
>
> *www.hammerofgod.com*
>
> *Air:* 831-706-7712
>
> *Land:* 831-708-THOR
>
> *C:* int main() {string Cell = "831-706-7712";return 0;}

--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
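
Added example, not part of the original thread and not Microsoft's code: the NTLMv2 response-key and proof computation as defined in MS-NLMP, showing that the user and domain names are mixed into the key and that the proof changes with every server challenge, which is the property the rainbow-table question above turns on. The NT hash, account names, challenges and client blob are constructed stand-ins.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key (NTOWFv2 in MS-NLMP): HMAC-MD5 keyed with the
    NT hash over UPPERCASE(user) + domain, encoded as UTF-16LE."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def nt_proof(response_key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr: HMAC-MD5 over the server challenge followed by the
    client blob (timestamp, client nonce, target info)."""
    return hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()

# Constructed sample data (assumptions, not values from the thread).
NT_HASH = bytes(range(16))            # stand-in for MD4(UTF-16LE(password))
ACCOUNTS = [("alice", "CORP"), ("alice", "LAB"), ("bob", "CORP")]
CHALLENGES = [bytes.fromhex("0123456789abcdef"),
              bytes.fromhex("fedcba9876543210")]
BLOB = b"\x01\x01" + bytes(26)        # opaque stand-in for the client blob

def response_keys(nt_hash: bytes, accounts) -> dict:
    """Response key for each (user, domain) pair sharing one password hash."""
    return {acct: ntowf_v2(nt_hash, *acct) for acct in accounts}

def proofs(nt_hash: bytes, account, challenges, blob: bytes) -> list:
    """Proof a single account would send for each server challenge."""
    key = ntowf_v2(nt_hash, *account)
    return [nt_proof(key, c, blob) for c in challenges]

if __name__ == "__main__":
    # Same password hash, different account: the key differs every time.
    for (user, domain), key in response_keys(NT_HASH, ACCOUNTS).items():
        print(f"{domain}\\{user:<6} key   {key.hex()}")
    # Same account, different challenge: the value on the wire differs too.
    for c, p in zip(CHALLENGES, proofs(NT_HASH, ACCOUNTS[0], CHALLENGES, BLOB)):
        print(f"challenge {c.hex()} proof {p.hex()}")
```

A table precomputed from password hashes alone matches none of these values; it would have to be rebuilt per user and domain, and the server challenge and client blob change on every authentication.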