The Network Security: Restrict NTLM: Audit Incoming NTLM Traffic setting should be configured correctly.
This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log/Microsoft/Windows/NTLM.
Fix:
(1) GP ...