; GPO Backup Template - Security – NTLMv2 Enforcement
; Import via GPMC: Group Policy Objects → Right-click → Import Settings

[General]
DisplayName=Security – NTLMv2 Enforcement
GPOType=Computer

[Machine\Microsoft\Windows\CurrentVersion\Policies\System]
; LAN Manager authentication level = NTLMv2 only (LmCompatibilityLevel=5)
"LmCompatibilityLevel"=dword:00000005

[Machine\System\CurrentControlSet\Control\Lsa]
; Prevent LM hash storage
"NoLMHash"=dword:00000001

[Machine\System\CurrentControlSet\Control\Lsa\MSV1_0]
; Restrict outgoing NTLM traffic (optional block mode can be enforced manually)
"RestrictSendingNTLMTraffic"=dword:00000002

; Require 128-bit NTLM session security
"NTLMMinClientSec"=dword:20000000
"NTLMMinServerSec"=dword:20000000

[End]