Tweet
NT LAN Manager (NTLM) is a Microsoft proprietary protocol used in Microsoft Products and operating systems. NTLMv2 is still very widely used in environments and applications where other protocols such as Kerberos are not available. The last versions of the Windows operating systems to have NTLMv1 enabled by default are Windows XP and Windows Server 2003.
The overall process of authentication in Active Directory with the NTLM protocol uses the following steps
The overall process of authentication in Active Directory with the NTLM protocol uses the following steps
- The user enters a username and password into the login prompt or dialog
- The Windows client runs the password through a hashing algorithm to generate a hash for the specific password
- The Windows client transmits the username and hash to a domain controller
- The domain controller generates a 16-byte random character string known as a nonce and transmits it back to the client
- The client encrypts the nonce with the hash of the password and sends it back to the domain controller
- The domain controller retrieves the users password hash from its local SAM and uses it to encrypt the domain controllers copy of the nonce
- If the domain controllers copy of the encrypted nonce matches the nonce the client encrypted and returned to the domain controller, the login request is accepted