Regading changes by Miallen (talk) Oct 23, 2008: NTLMSSP is not a challenge-response protocol - NTLM is. NTLMSSP is just the wrapper used by the SSPI to facilitate NTLM and negotiate security options. NTLM authentication is required for non-domain authentication (e.g. a machine that is not "joined" to a domain) and therefore A) Kerberos is not a replacement for NTLM and thus cannot be "favored" and B) the reference to NTLMSSP being removed in Vista is highly suspicious as it's complete removal would universally break non-domain authentication and legacy clients. The citation does not indicate to what degree NTLMSSP has been removed.