How to disable NTLM Windows Server 2019?

How do I enable NTLM authentication in Windows Server 2019?

One of my customers asked me how to enable NTLM authentication on a Windows Server 2024 instance.

The answer was simple and it is actually pretty easy, but I want to make sure it's not the wrong thing to do or anything, because if I'm doing this incorrectly, it's not going to be fun for me. So far, as much as I've looked at, I don't think I am. The answer is in our PowerShell scripts that we use for configuring servers.

As an aside, here's a couple of resources I found that could be of use when trying to get your NTLM enabled for Kerberos authentication: This is going to seem a little odd at first because the instructions on these pages make it seem as though I have to open a registry key and manually edit a specific value, but it's not. No direct registry editing required.reg file:

. It should just say "OK" at this point because I only did a registry edit, but no such luck.

How do I disable NTLM authentication in IIS?

I'm currently working on an ASP.

NET website that requires windows authentication to connect to the database. This is a requirement for us. We're working with a Windows 2024 server running IIS 6. When the site starts up, it gets past the configuration of the website and the first login attempt succeeds, but then I get the following message:
1 - Unauthorized: Logon failed due to server configuration. The problem is that our domain name is in the web.config file as a client id (a client id can't be a server name). We're using the "Anonymous Access" feature, which is why we think the server is trying to authenticate against itself. When I run my site from Visual Studio, I'm able to log in fine. So it's not a permissions issue. When I look at the event viewer, I see a message stating that Windows cannot find a user id of NTLM. That's the problem.

Here's my question. How do I stop IIS from trying to authenticate using NTLM? I'm sure there's something I'm missing here. If anyone could point me in the right direction, that would be much appreciated.

Thanks. If you are working with a single application, then you need to change the mode from "Default" to "Windows". What you're seeing is IIS trying to use Kerberos, which is configured on the server's computer account. To disable this, you'll need to change your authentication method to "NtlmSSP" or "Anonymous".

However, I strongly recommend that you configure Windows authentication on the server, and remove the application from IIS entirely. If you're accessing a database, then you're going to need to authenticate to the database, not to IIS.