RE: [ActiveDir] Windows 2003 and Windows 98 clients

[John Reijnders]

I can confirm this statement from MS. I've seen the lockout issues being solved by the new version of the DS Client. The most recent version is not available on the web site of Microsoft. You need to contact MS for this.   Cheers! John From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: donderdag 9 oktober 2003 18:48 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2003 and Windows 98 clients Per MS instruction to me yesterday, don’t install the dsclient that comes on the Win2K CD. Instead, contact them for the latest version which apparently includes account lockout fixes (I’m still testing to see if that assertion is true)   <mc> -----Original Message----- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2003 and Windows 98 clients   In the Default Domain Controller Security Policy, and in the Domain Security Policy, you have to disable "Domain Member: Digitally encrypt or sign secure channel data (always)". And install the DSClient.    This is a security hole, by the way. Win95 is a real problem in a Win2003 AD environment. You can google for the technical explanation if you really want it. Has to do with private/public key pairs that Win95 cannot generate properly.   Win9x computers will never show in the Computers OU. They aren't domain members, they simply use the domain for authentication and access to resources (AAA).   From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 12:27 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2003 and Windows 98 clients I believe you're going to have to install the AD Client Extensions on those PCs.  You can find the software on the Windows 2000 CD.   Mike Thommes -----Original Message----- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows 2003 and Windows 98 clients Okay, I know that people are going to be like… “Windows 98, come on. Please join us in the Twentieth Century”!!!  But, we need to do testing on Windows98 for our product compatibility.   We just upgraded to Windows 2003 (2000 native) and now it appears that individuals that are running Windows 98,95,ME are not able to authenticate against the domain.  It just prompts them for the username, password and domain.  It just locks the account out after X tries, per our security policy.   We have also tried to use webmail, that previously worked on these PCs.  It prompts for the certificate (which is good), prompts for user/password/domain, then gives you an access is denied.  I think that all these problems with this “ancient” OS are related.   I have the PDC, RID and GC on a W2K3 DC and it appears to be running properly.   Any ideas? Thanks, Steve