Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Note: Audit and block events are recorded on this computer in the "NTLMBlock" Log located under the Applications and Services Log/Microsoft/Windows/Security-NTLM.