PREVENT-1 - SpecterOps Open Source

Summary

Within SCCM’s client push installation properties, there exists a setting to “Allow connection fallback to NTLM” (Figure 1).

In SCCM versions prior to 2207, there exists a bug such that without this setting enabled, the connection will fallback to NTLM regardless of the setting. Microsoft patched this bug in KB15599094. This patch is applied by default to new site installations of version 2207+. This patch only applies to versions 2103+. If the installed version is older, Microsoft recommends updating to a current version.