RE: [ActiveDir] Windows 2003 and Windows 98 clients

Thu, 09 Oct 2003 09:45:34 -0700

I will give this a try.

 

Thanks for all of your help, group.

 

*****************************************

Steve Shaff

Active Directory / Exchange Administrator

Corillian Corporation

(W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, October 09, 2003 9:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 2003 and Windows 98 clients

 

In the Default Domain Controller Security Policy, and in the Domain Security Policy, you have to disable "Domain Member: Digitally encrypt or sign secure channel data (always)". And install the DSClient. 

 

This is a security hole, by the way. Win95 is a real problem in a Win2003 AD environment. You can google for the technical explanation if you really want it. Has to do with private/public key pairs that Win95 cannot generate properly.

 

Win9x computers will never show in the Computers OU. They aren't domain members, they simply use the domain for authentication and access to resources (AAA).

 

From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 12:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 2003 and Windows 98 clients

I believe you're going to have to install the AD Client Extensions on those PCs.  You can find the software on the Windows 2000 CD.

 

Mike Thommes

-----Original Message-----
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 11:19 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Windows 2003 and Windows 98 clients

Okay, I know that people are going to be like… “Windows 98, come on. Please join us in the Twentieth Century”!!!  But, we need to do testing on Windows98 for our product compatibility.

 

We just upgraded to Windows 2003 (2000 native) and now it appears that individuals that are running Windows 98,95,ME are not able to authenticate against the domain.  It just prompts them for the username, password and domain.  It just locks the account out after X tries, per our security policy.

 

We have also tried to use webmail, that previously worked on these PCs.  It prompts for the certificate (which is good), prompts for user/password/domain, then gives you an access is denied.  I think that all these problems with this “ancient” OS are related.

 

I have the PDC, RID and GC on a W2K3 DC and it appears to be running properly.

 

Any ideas?


Thanks,
Steve

Reply via email to