Is setting LmCompatibilityLevel in Registry Editor the same as changing Local Security Policy?


I would like to write a batch script to change the

Local Security Policy -> LAN Manager Authentication Level

to "Send LM & NTLM - use the NTLMv2 session security if negotiated".
I added the following statement to my batch script to achieve this:

reg add HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel /t REG_SZ /d 1 /f

I can see in the registry editor that the value was updated, however when I go to

Local Security Policy -> Local Policies -> Security Options -> Network security LAN Manager -> Authentication level

the security setting still shows up as "Not Defined" instead of "Send LM & NTLM - use NTLMv2 session security if negotiated".


Am I doing something wrong?
Is there another way to automate this using a batch script?

Referenced Article:
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level


There are 2 best solutions below

0
On

Your registry value is the wrong type (/t REG_SZ in your reg add command). It is a REG_DWORD value, so the LmCompatibilityLevel value you added is ignored.

Try instead:

/t REG_DWORD

Otherwise you could also use domain group policy instead of a batch script.

0
On

reg.exe add HKLM\System\CurrentControlSet\Control\Lsa\ /v LmCompatibilityLevel /t REG_DWORD /d 1 /f
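
The two answers combined into one script that also reads the value back, as an added example that is not part of the original question or answers. It assumes an elevated prompt, and that any Lsa\LmCompatibilityLevel subkey is a leftover from running reg add without /v, since without /v reg.exe treats the last path component as a key name and writes that key's default value.

```batch
@echo off
rem Added example, not from the original answers. Run from an elevated prompt.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
set "NAME=LmCompatibilityLevel"
rem 1 = "Send LM & NTLM - use NTLMv2 session security if negotiated" (the question's value).
rem Documented range is 0-5; 5 = "Send NTLMv2 response only. Refuse LM & NTLM".
set "LEVEL=1"

rem Assumption: a subkey with the value's name is a leftover from "reg add" run
rem without /v, which creates a key and sets its default value. Remove it.
reg query "%KEY%\%NAME%" >nul 2>&1
if not errorlevel 1 (
    echo Removing stray subkey %KEY%\%NAME%
    reg delete "%KEY%\%NAME%" /f >nul || exit /b 1
)

rem Write the value under the Lsa key with the REG_DWORD type.
reg add "%KEY%" /v %NAME% /t REG_DWORD /d %LEVEL% /f >nul || (
    echo Failed to write %NAME%. Is the prompt elevated?
    exit /b 1
)

rem Read the value back and confirm both its type and its data.
set "TYPE="
set "DATA="
for /f "tokens=1,2,3" %%A in ('reg query "%KEY%" /v %NAME% 2^>nul ^| findstr /i /c:"%NAME%"') do (
    set "TYPE=%%B"
    set "DATA=%%C"
)
if /i not "%TYPE%"=="REG_DWORD" (
    echo Unexpected type: %TYPE%
    exit /b 1
)
rem reg query prints DWORD data as hex, for example 0x1; set /a converts it.
set /a ACTUAL=%DATA%
if not "%ACTUAL%"=="%LEVEL%" (
    echo Unexpected data: %DATA%
    exit /b 1
)
echo %NAME% is %TYPE% %DATA%
endlocal
```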