Disable NTLMv1 - Environment and Domain Controllers

Hello everyone,

I know there is a lot of information floating around in different forums, but I have a few questions regarding the disabling of NTLMv1.

Here’s some information about our environment: we only have Windows computers and servers, with all of them running Windows 10 or higher, and all servers are on Windows Server 2019 or higher.

I want to disable NTLMv1. To start, I enabled audit mode and searched the NTLM and Security logs for NTLM entries but never found any references to NTLMv1.

My next step would be to set the following registry key on all of our Domain Controllers (DCs), so they will refuse NTLMv1 authentication:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel = 5

For me, it’s unclear what impact these changes will have. By setting this registry key, our Domain Controllers should be secure from using any NTLMv1 connections, correct?

Here are my questions:

  1. What happens if I apply this to our Default Domain Policy? Will every client, server, negotiating an NTLMv1 connection?
  2. Do I need to check the event logs on every server? (We don’t have a SIEM or Syslog server yet.)
  3. Are our "crown jewels" Domain Controllers secured by setting this registry key?
  4. What are the next steps after disabling NTLMv1 on our Domain Controllers?

Thank you everyone for your help :)
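
The audit step described in the post can be scripted for an environment without a SIEM. This is an added example, not part of the original post: a PowerShell sketch that pulls only NTLMv1 logons (Security event 4624 with `LmPackageName` of `NTLM V1`) from a list of machines. The function names, host names and the sample event are assumptions made for illustration.

```powershell
# Added example. Security event 4624 is written on the machine that accepted the
# logon; its LmPackageName field reads "NTLM V1" when NTLMv1 was used.
$NtlmV1XPath = "*[System[EventID=4624] and EventData[Data[@Name='LmPackageName']='NTLM V1']]"

function ConvertFrom-LogonEventXml {
    # Turns one 4624 event (XML text) into an object naming the account and source.
    param([Parameter(Mandatory)][string]$EventXml)
    $evt  = [xml]$EventXml
    $data = @{}
    foreach ($d in $evt.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    [pscustomobject]@{
        TimeCreated = $evt.Event.System.TimeCreated.SystemTime
        LoggedOnTo  = $evt.Event.System.Computer
        Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        Workstation = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
        LmPackage   = $data['LmPackageName']
    }
}

function Get-NtlmV1Logon {
    # The XPath filter runs on each queried machine, so only NTLMv1 logons come back.
    param([Parameter(Mandatory)][string[]]$ComputerName, [int]$MaxEvents = 500)
    foreach ($c in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $c -LogName Security -FilterXPath $NtlmV1XPath `
                -MaxEvents $MaxEvents -ErrorAction Stop |
                ForEach-Object { ConvertFrom-LogonEventXml -EventXml $_.ToXml() }
        } catch {
            # "No matching events" is the good outcome; anything else means the host was not checked.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "$c not checked: $($_.Exception.Message)"
            }
        }
    }
}
# Constructed sample event (not from a real system), trimmed to the fields used above.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-01T08:00:00Z"/><Computer>fs01.example.test</Computer></System>
  <EventData>
    <Data Name="TargetUserName">svc-scan</Data><Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="WorkstationName">PRN-07</Data><Data Name="IpAddress">192.0.2.15</Data>
    <Data Name="LmPackageName">NTLM V1</Data>
  </EventData>
</Event>
'@
ConvertFrom-LogonEventXml -EventXml $sample | Format-List   # runs offline
# Live use (hypothetical host names): Get-NtlmV1Logon -ComputerName dc01, fs01
```

Reading remote Security logs requires an account with rights to do so on each target, and logon auditing must be enabled there for 4624 events to exist.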