 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Windows Server 2003 / Security / June 2005Cannot access Resources from a Win98 ClientPC
Hello, we have a Windows Server 2003 infrastructure here with Windows XP PC. Now we have to integrate a Windows98 PC for our development Departement. After setting up the Win98 Client and "joining" the domain we can successfully logon but don't get access to any FileShare. DHCP Leases are function proper also the ping succeded but if we try to map a Share using "net use DEVICENAME \\server\share" we get an access denied. Further did we create a "config.pol" file with Win98 Poledit and stored it in the netlogon shares on the DCs but the changes won't apply... We've tried for days now searching newsgroups but still haven't a solution. We've found several KB Articles as "KB323455" and "KB271496" but no change. Maybe you can help us, regards Michael P. Schieferer The two biggest problems with downlevel clients are the security options for lan manager authentication level and digitally signing of communications. More than likely the problem is that the Windows 2003 server requires digitally signing of communications. You can use Local Security Policy [secpol.msc] and find the security option for Microsoft network server:digitally sign communications:always and set it to disabled or enable SMB signing via a registry mod on the Windows 2003 Server. The link below may help even though it discusses domain logon, but it shows how to enable NTLMv2 and SMB signing on Windows 98 computers. Beyond that enabling netmon on the server where access is being denied and doing a packet trace of the access attempt may be helpful. --- Steve http://support.microsoft.com/default.aspx?scid=kb;en-us;555038 > Hello, > [quoted text clipped - 15 lines] > Maybe you can help us, regards > Michael P. Schieferer Hello Steven! Can't believe it... We've already tried to activate the NTLM 2 authentication but we couldn't log on afterwards. Now I tried it again on a clean install an it works!! Fine, now can we access the Fileshares, but it seems the "config.pol" was not used. We still can do anything on the machine. Maybe you can help me with this again? :) Regards Michael P. Schieferer Steven L Umbach schrieb: > The two biggest problems with downlevel clients are the security options for > lan manager authentication level and digitally signing of communications. [quoted text clipped - 29 lines] >>Maybe you can help us, regards >>Michael P. Schieferer Well that is strange that it would not work with NTLMV2 as by default a Windows 2000/2003 server will accept any downlevel authentication method from LM to NTLMv2. It is hard to say what was going on there. If you have not done such I would still try enabling SMB signing on the W98 computer. There is also an updated version of Directory Services Client for W98 so depending on the version you were using that may have been an issue. As far as the problem with config.pol. I don't know offhand what the issue could be but Windows 2003 Server is much more locked down than Windows 2000 and is not real friendly to downlevel clients in default configuration. Check out the link below which discusses a lot of incompatibilities with security options for Windows 2000/2003 and downlevel clients which may help you resolve the config.pol issue though I would be careful in reducing security on your Windows 2003 domain unless it is more important for you to get the config.pol working for the Windows 98 computer. --- Steve http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 > Hello Steven! > [quoted text clipped - 44 lines] >>>Maybe you can help us, regards >>>Michael P. Schieferer Hello Steve! Thank you very much for your inspiration, now I've found a way to get things working. For the log in and fileshare problem the solution was to simple turn NTLMv2 Authentication on. To get the System policies working there is a really fine KB article (How To Create a System Policy Setting in Microsoft Windows Server 2003 found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;814598) Now all things are working I can go home :D Michael Steven L Umbach schrieb: > Well that is strange that it would not work with NTLMV2 as by default a > Windows 2000/2003 server will accept any downlevel authentication method [quoted text clipped - 62 lines] >>>>Maybe you can help us, regards >>>>Michael P. Schieferer Oops. or enable SMB signing via a registry mod on the Windows 2003 Server should read -- or enable SMB signing via a registry mod on the Windows 98 computer. --- Steve > The two biggest problems with downlevel clients are the security options > for lan manager authentication level and digitally signing of [quoted text clipped - 29 lines] >> Maybe you can help us, regards >> Michael P. Schieferer |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2010 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.