Computer account authentication
Can computer account (DOMAIN\MACHINE$) be authenticated using NTLM or only Kerberos?
June 24th, 2009 11:55pm
Considering the security, I would say only Kerberos. In environments where NTLM is used, it can authenticate with NTLM, but I would not recommend this.
Certifications: MCSA 2003 MCSE 2003
June 25th, 2009 12:17am
This is not what we are seeing. We have two domains with a one-way trust (A trusts B). User B\SomeUser authenticates in A with NTLM, but for B\SomeMachine$ we are getting NT AUTHORITY\ANONYMOUS LOGON. Is there a security setting that controls this? Why is computer account behavior different from user account behavior?
June 25th, 2009 12:30am
NTLM
The NTLM protocol is the default protocol used for network authentication in the Windows NT 4.0 operating system. For compatibility reasons, it is used by Active Directory domains to process network authentication requests that come from earlier Windows-based clients and servers. Computers running Windows 2000, Windows XP or Windows Server 2003 use NTLM only when authenticating to servers running Windows NT 4.0 and when accessing resources in Windows NT 4.0 domains.
When the NTLM protocol is used between a client and a server, the server must contact a domain authentication service on a domain controller to verify the client credentials. The server authenticates the client by forwarding the client credentials to a domain controller in the client account domain. The authentication protocol of choice for Active Directory authentication requests, when there is a choice, is Kerberos version 5. When the Kerberos protocol is used, the server does not have to contact the domain controller. Instead, the client gets a ticket for a server by requesting one from a domain controller in the server account domain; the server validates the ticket without consulting any other authority.
Kerberos Version 5 Protocol
The Kerberos version 5 protocol is the default authentication protocol used by computers running Windows 2000, Windows XP Professional, or Windows Server 2003. This protocol is specified in RFC 1510 and is fully integrated with Active Directory, server message block (SMB), HTTP, and remote procedure call (RPC), as well as the client and server applications that use these protocols. In Active Directory domains, the Kerberos protocol is used to authenticate logons when any of the following conditions is true:
The user who is logging on uses a security account in an Active Directory domain.
The computer that is being logged on to is a Windows 2000, Windows XP or Windows Server 2003-based computer.
The computer that is being logged on to is joined to an Active Directory domain.
The computer account and the user account are in the same forest.
The computer from which the user is trying to access resources is located in a non-Windows Kerberos realm.
If any computer involved in a transaction does not support the Kerberos version 5 protocol, the NTLM protocol is used.
Quote from: TechNet, What Are Domain and Forest Trusts?
Certifications: MCSA 2003 MCSE 2003
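The TechNet text above describes the two paths in the abstract (NTLM pass-through to a DC in the client's account domain versus a Kerberos ticket the server validates on its own). The following is an added example, not code from the thread or from TechNet, that shows how to see which path a given network logon actually took on the resource server: it reads Security event ID 4624 on the server in domain A and lists, per logon, the account name, whether it is a machine account (trailing `$`), whether it arrived as ANONYMOUS LOGON, and the authentication package (Kerberos or NTLM) that handled it. It assumes the script runs elevated on a server with logon auditing enabled; the `$Hours` parameter and the output column names are this script's own choices, not anything from the original post.

```powershell
# Added example (not from the original thread): classify network logons (logon type 3)
# on a resource server by authentication package, so a trusted-domain computer account
# that shows up as NT AUTHORITY\ANONYMOUS LOGON over NTLM stands out next to the
# Kerberos logons. Assumes: run elevated on the server in domain A, Audit Logon
# events enabled so 4624 is recorded. $Hours is this script's own parameter.
param(
    [int]$Hours = 24
)

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # 4624 carries its fields in EventData/Data elements; pull them into a hashtable by Name.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = [string]$item.'#text' }

    # Logon type 3 = network logon (SMB, RPC, ...), which is what a remote machine account produces.
    if ($d['LogonType'] -ne '3') { continue }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        IsMachine   = $d['TargetUserName'].EndsWith('$')
        IsAnonymous = ($d['TargetUserName'] -eq 'ANONYMOUS LOGON')
        AuthPackage = $d['AuthenticationPackageName']   # 'Kerberos' or 'NTLM'
        LmPackage   = $d['LmPackageName']               # e.g. 'NTLM V2' when NTLM was used, '-' for Kerberos
        Source      = $d['WorkstationName']             # client-supplied name; often '-' for Kerberos logons
        SourceIp    = $d['IpAddress']
    }
}

# How many network logons came in over each package.
$rows | Group-Object AuthPackage | Select-Object Name, Count | Format-Table -AutoSize

# The case raised in the thread: anonymous logons that arrived over NTLM. Correlate
# Source/SourceIp with the trusted-domain machine that was expected to appear as DOMAIN\MACHINE$.
$rows | Where-Object { $_.IsAnonymous -and $_.AuthPackage -eq 'NTLM' } |
    Sort-Object Time |
    Format-Table Time, Account, AuthPackage, LmPackage, Source, SourceIp -AutoSize
```

Reading the two tables side by side tells you, for each source host, whether the server ever validated a Kerberos ticket for it or only saw NTLM pass-through; an anonymous NTLM row whose SourceIp belongs to B\SomeMachine is the symptom the original poster describes, and the same filter with `IsMachine` instead of `IsAnonymous` shows the machine accounts that did authenticate by name.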
June 25th, 2009 3:11am
Thank you for the reply, but it does not answer my question: why is computer account behavior different from user account behavior?
June 25th, 2009 6:46am