Can anyone tell me what security template(s) I should use if I only wanted NTLMv2 and Kerberos authentication on in my environment? We have NT4, 2000, 2003 machines. Also, do I need to configure workstations, servers and dc's or just dc's?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, April 06, 2005 11:42 AM To: [email protected] Subject: RE: [ActiveDir] LAN Manger v2.1 Authentication Yes, I have seen this document... Thank you so much for the suggestion, this may be a bug from doing an in place upgrade of an NT 4 domain. I'll try applying 2003 server sp1 and see if it fixes this. It's probably best to not use a LANMANGER boot disk and just go to a WINPE boot disk that supports NTLMv2 and SMB signing. Jose :-) ----------------------------------------------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al Sent: Wednesday, April 06, 2005 6:03 AM To: [email protected] Subject: RE: [ActiveDir] LAN Manger v2.1 Authentication I assume you've seen this: http://support.microsoft.com/kb/325379 And since you've already disabled SMB signing the next step would be turn on auditing and check for and correct the errors you see. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Tuesday, April 05, 2005 5:46 PM To: [email protected] Subject: [ActiveDir] LAN Manger v2.1 Authentication Greetings, We just upgraded out NT 4 servers to Windows 2003 server and the migration went as well as can be expected, however I am now trying to image several servers using Power Quest's drive image pro with a boot disk that uses LAN manger and I can no longer authenticate against AD. I changed the domain controller and domain security policy to allow LAN manager authentication and I disabled SMB signing. The server I am using for imaging is a 2000 member server to AD 2003 is and the AD controllers are in native mode. Would any one happen to know what else I need to disable in the domain controller security policy to allow a DOS boot disk to authenticate ? Also, I found that If I remove the imaging server from the domain authentication works with the boot disk. Any suggestions would be greatly appreciated. Sincerely, Jose Medeiros 408-449-6621 Cell MCP+I, MCSE, MCT NT Engineering Association & SFNTUG www.ntea.net www.sfntug.org List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
