Identify if LM Authentication is used

[Guest fridmeister]

Is there a way to log or audit the type of LM Authentication used? I'm

specifically looking for a way to check if there are any applications or

clients that are using legacy LM Authentication that requires LM Hash.

 

I'd like to identify systems prior to bumping up the settings to disable

this and use only NTLMv2 and staying by the phone to see if it rings.

 

I see that Event ID 680 gives some information, but cant tell if that will

tell me if its using LM or NTLM. Also, is this ID only logged on DC's?

 

I'd like to find an something to capture when each protocol is used: LM,

NTLM or Kerberos.

 

Thanks,