Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'.
$RegistryPath = 'HKEY_LOCAL_MACHINE:System\CurrentControlSet\Control\Lsa' $Name = 'LmCompatibilityLevel' $Value = '5'
If (-NOT (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null }
New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force