|
Posted by Steven L Umbach on June 28, 2005, 10:57 am
Please log in for more thread options Well that is strange that it would not work with NTLMV2 as by default a
Windows 2000/2003 server will accept any downlevel authentication method
from LM to NTLMv2. It is hard to say what was going on there. If you have
not done such I would still try enabling SMB signing on the W98 computer.
There is also an updated version of Directory Services Client for W98 so
depending on the version you were using that may have been an issue. As far
as the problem with config.pol. I don't know offhand what the issue could be
but Windows 2003 Server is much more locked down than Windows 2000 and is
not real friendly to downlevel clients in default configuration. Check out
the link below which discusses a lot of incompatibilities with security
options for Windows 2000/2003 and downlevel clients which may help you
resolve the config.pol issue though I would be careful in reducing security
on your Windows 2003 domain unless it is more important for you to get the
config.pol working for the Windows 98 computer. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
> Hello Steven!
>
> Can't believe it... We've already tried to activate the NTLM 2
> authentication but we couldn't log on afterwards. Now I tried it again on
> a clean install an it works!!
>
> Fine, now can we access the Fileshares, but it seems the "config.pol" was
> not used. We still can do anything on the machine. Maybe you can help me
> with this again? :)
>
> Regards
> Michael P. Schieferer
>
> Steven L Umbach schrieb:
>> The two biggest problems with downlevel clients are the security options
>> for lan manager authentication level and digitally signing of
>> communications. More than likely the problem is that the Windows 2003
>> server requires digitally signing of communications. You can use Local
>> Security Policy [secpol.msc] and find the security option for Microsoft
>> network server:digitally sign communications:always and set it to
>> disabled or enable SMB signing via a registry mod on the Windows 2003
>> Server. The link below may help even though it discusses domain logon,
>> but it shows how to enable NTLMv2 and SMB signing on Windows 98
>> computers. Beyond that enabling netmon on the server where access is
>> being denied and doing a packet trace of the access attempt may be
>> helpful. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
>>
>>
>>>Hello,
>>>
>>>we have a Windows Server 2003 infrastructure here with Windows XP PC. Now
>>>we have to integrate a Windows98 PC for our development Departement.
>>>
>>>After setting up the Win98 Client and "joining" the domain we can
>>>successfully logon but don't get access to any FileShare. DHCP Leases are
>>>function proper also the ping succeded but if we try to map a Share using
>>>"net use DEVICENAME \server\share" we get an access denied.
>>>
>>>Further did we create a "config.pol" file with Win98 Poledit and stored
>>>it in the netlogon shares on the DCs but the changes won't apply...
>>>
>>>We've tried for days now searching newsgroups but still haven't a
>>>solution. We've found several KB Articles as "KB323455" and "KB271496"
>>>but no change.
>>>
>>>Maybe you can help us, regards
>>>Michael P. Schieferer
>>
>>
| 
XML Sitemap