PrepAway - Latest Free Exam Questions & Answers

Does this meet the goal?

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet.
Does this meet the goal?

PrepAway - Latest Free Exam Questions & Answers

A.
Yes

B.
No

Explanation:
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
On Client, the PowerShell approach (Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol)
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

However, the question asks about Server!
On Server, the PowerShell approach (Remove-WindowsFeature FS-SMB1):
Remove-WindowsFeature FS-SMB1

Even if SMB1 is removed, SMB2 and SMB3 could still run NTLM authentication! Therefore, answer is a
“NO”.

One Comment on “Does this meet the goal?

  1. leonnl says:

    while the answer is correct, the supplied explanation about the SMBv1 is incorrect.

    Disabling NTLM is done through (local)GPO security settings.

    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

    Network Security: Restrict NTLM:******




    3



    0

Leave a Reply