Posted by Diane on June 27, 2006, 4:51 pm
Thank you Steve. The article is great. I have reviewed the settings you
suggested and agree they look like a good place to start. I will be able to
try the settings changes over the next few days and will let you know how it
goes.
Diane
"Steven L Umbach" wrote:
> My guess is that since they are trying to access from an NT4.0 domain that
> the problem could be related to anonymous user access in the security
> settings in Local Security Policy of the Windows 2003 server which can be
> accessed via secpol.msc on that server and look at the security options
> under local policies\security options of which there are about five for
> anonymous access under network access: settings. Be sure to document your
> current settings; an easy way would be to right-click security options and
> select export. Then you need to specify a file name and location for the
> saved settings and be sure to print the list so that you can see the export
> was successful. The link below is a great KB article about the various
> security settings and incompatibilities that may arise from various
> settings. After you change a setting run gpupdate /force on the Windows
> 2003 server to implement the changes in security policy. The two settings
> which I would start with are to set "Do not allow anonymous enumeration of
> SAM accounts and shares" to be disabled and "Let Everyone permissions apply to
> anonymous users" to be enabled. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
>
> > I am not familiar with security, so I apologize in advance for what are
> > likely very naive questions.
> >
> > Our site has 2 domains. Users log into domain A which is an old NT 4
> > server. Domain B has windows 2k DCs, win 2k exchange 2003 server, and a
> > win 2003 standard member server. A trust relationship exists between
> > domain A and domain B. Also, the usernames and passwords are identical on
> > both domains. No issues accessing the win2k servers from users logged into
> > Domain A - it's only with the win2003 server.
> >
> > A new client/server application has been installed on the win 2003 server
> > (no service packs) with a client app on Win XP Pro/SP2 desktops. Whenever
> > users attempt to use the client, it will not run until they use explorer
> > to browse to the proper 2003 folder. They then get a username/password
> > request. They must log in to Domain B after which they can map to the
> > application folders and access what is needed. They can then use the app
> > with no issue. After they log off, the whole thing must be repeated the
> > next time they log on and want to use the app. I have added domain
> > B/domain users to the folder permissions and security, and scanned the
> > security and account policies on the 2003 server but am wary of changing
> > anything and causing bigger problems. Can someone help me understand what
> > needs to be done to avoid the logon issue every time a user wants to use
> > this application? More applications of this type are coming, so I just see
> > the issue increasing.
> >
> > Thanks very much for your help.
>
>
>
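The "document your current settings, change one, run gpupdate /force" procedure in the quoted reply can also be recorded from the registry, as in this added example (not part of the thread). It assumes Windows PowerShell is installed on the server; the function names and the CSV path are hypothetical.

```powershell
# Added example (not from the thread). Registry values behind the
# "Network access:" anonymous-access options shown in secpol.msc.
$Lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

# Hardened = the value that blocks anonymous access for that option.
$Settings = @(
    @{ Policy = 'Do not allow anonymous enumeration of SAM accounts';            Key = $Lsa;    Name = 'RestrictAnonymousSAM';      Hardened = 1 },
    @{ Policy = 'Do not allow anonymous enumeration of SAM accounts and shares'; Key = $Lsa;    Name = 'RestrictAnonymous';         Hardened = 1 },
    @{ Policy = 'Let Everyone permissions apply to anonymous users';             Key = $Lsa;    Name = 'EveryoneIncludesAnonymous'; Hardened = 0 },
    @{ Policy = 'Restrict anonymous access to Named Pipes and Shares';           Key = $Server; Name = 'RestrictNullSessAccess';    Hardened = 1 }
)

# Read each value and classify it; a missing value is reported as 'not set'.
function Get-AnonymousAccessSnapshot {
    foreach ($s in $Settings) {
        $value = $null
        $state = 'not set'
        $item  = Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.($s.Name)
            if ($value -eq $s.Hardened) { $state = 'hardened' } else { $state = 'relaxed' }
        }
        New-Object PSObject -Property @{ Policy = $s.Policy; Name = $s.Name; Value = $value; State = $state } |
            Select-Object Policy, Name, Value, State
    }
}

# List only the options whose value differs from the saved baseline.
function Compare-AnonymousAccessSnapshot {
    param([Parameter(Mandatory = $true)][string]$BaselinePath)
    $before = @{}
    Import-Csv -Path $BaselinePath | ForEach-Object { $before[$_.Name] = $_.Value }
    foreach ($now in (Get-AnonymousAccessSnapshot)) {
        if ("$($now.Value)" -ne "$($before[$now.Name])") {
            New-Object PSObject -Property @{ Policy = $now.Policy; Before = $before[$now.Name]; After = $now.Value; State = $now.State } |
                Select-Object Policy, Before, After, State
        }
    }
}

# Usage (the CSV path is a placeholder):
#   Get-AnonymousAccessSnapshot | Export-Csv C:\Temp\anon-baseline.csv -NoTypeInformation
#   ...change one setting in secpol.msc, then run: gpupdate /force
#   Compare-AnonymousAccessSnapshot -BaselinePath C:\Temp\anon-baseline.csv
```

Keeping the baseline CSV with the change record gives the exact values to restore if a relaxed setting does not resolve the logon prompt.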