Hello Mike -
It sounds like the "Try Authentication" rule from the rule set library is exactly what you're looking for.
Within this rule set you can create filtering rules for "Not Authenticated Users" (Authentication.Failed equals true)
To import this rule set:
Policy > Rule Sets > Add...Rule Set From Library > Authentication > Try Authentication
In the "Authenticate" rule remember to switch the auth method to NTLM instead of the default User Database.
Thanks for your reply, Brent, but processing still stops on the "Authenticate" action.
The difference between your ruleset and "try auth" is one main thing, the criteria of the rule in your screenshot.
Is the criteria Authentication.Authenticate<Settings> AND Authentication.Failed equals false? If so, then this indicates that the client isnt attempting to authenticate at all, and therefore we cannot "try auth". The premise of try auth is that we receive something to see if they will be accepted. If we receive nothing, then there is nothing to try.
Otherwise make sure you have the AND in the criteria.