NTLMSettings

Overview
Syntax
Remote Execution
Output
Use Cases
Example Output
Remote Execution
Detection Considerations
Related Commands

Overview

The NTLMSettings command enumerates NTLM authentication configuration settings on the system. These settings control how NTLM authentication is used, including security levels, client/server requirements, and restrictions that impact credential relay and pass-the-hash attacks.

Syntax

Seatbelt.exe NTLMSettings

Remote Execution

Seatbelt.exe NTLMSettings -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns NTLM configuration including:

LAN Manager authentication level
NTLM minimum security settings
Client/Server requirements
Session security settings
NTLM blocking configuration

Use Cases

Red Team
Blue Team

Assess NTLM relay vulnerability
Determine if NTLMv1 is allowed
Check SMB signing requirements
Plan credential relay attacks
Identify weak authentication settings

Example Output

====== NTLMSettings ======

LAN Manager Authentication Level:
  LmCompatibilityLevel : 5 (Send NTLMv2 response only. Refuse LM & NTLM)

NTLM Minimum Security Settings:
  ClientRequireNTLMv2     : True
  ServerRequireNTLMv2     : True
  RequireSessionSecurity  : True
  Require128BitEncryption : True

Domain Controller Settings:
  RestrictNTLMInDomain : Deny all
  AuditNTLMInDomain   : Enable

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Low detection risk - reads registry configuration.

LSASettings - LSA configuration
CredGuard - Credential Guard status
LogonSessions - Active logon sessions

WindowsEventForwarding LSASettings

⌘I

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

Overview

Syntax

Remote Execution

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

​Overview

​Syntax

​Remote Execution

​Output

​Use Cases

​Example Output

​Remote Execution

​Detection Considerations

​Related Commands

Overview

Syntax

Remote Execution

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Related Commands