A recent security scan of our network reported the vulnerability "NTLM Authentication Host Information Disclosure" in our RemoteApps (Microsoft RemoteApp).
Here's an article that explains it: https://blog.gdssecurity.com/labs/2014/2/12/http-ntlm-information-disclosure.html
The only solution I have been told is to "Disable NTLM authentication over HTTP". I've seen this in several posts, but none really go into detail about what specifically that entails.
I thought it would be a setting in IIS, but I cannot locate anything that even looks remotely like that.
How would I go about disabling NTLM over HTTP?
Would this prevent RemoteApps from working?
