Given the business situation, it would seem that you have the choice between the following:
-- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as it is not supported) - http://support.microsoft.com/kb/954387 -- Leaving the Win2K3 DCs in place * * *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet <[email protected]>wrote: > I have some Windows 95 computers authenticating against my domain. > Currently, the domain is running on Server 2003 DCs, but I am in the process > of upgrading to Server 2008 R2 DCs. I have already started to deploy Server > 2008 DCs.**** > > ** ** > > I have one location that has a couple of Windows 95 computers, and they > cannot authenticate against a Server 2008 R2 DC – even with what I think is > the appropriate group policy (the same policy allows the Windows 95 machines > to authenticate against Server 2003 DCs).**** > > ** ** > > OK, I know, Windows 95. But, these are used as controllers in some > multi-million dollar machinery that was purchased long ago from a company > that is now defunct. Replacing this equipment is simply not an option. > Upgrading the OS is not an option. Installing the AD client extension for > Windows 9x **might** be an option, but only as a last resort. The factory > guys who maintain this equipment obviously do not like to stir the soup, > because the apparently only human left on earth who can support this > equipment charges 5 figures to just answer the phone.**** > > ** ** > > Here’s what I have in the Default Domain Controller Policy:**** > > Microsoft network client: Digitally sign communications (always) *Disabled > ***** > > Microsoft network server: Digitally sign communications (always) *Disabled > ***** > > Microsoft network server: Digitally sign communications (if client agrees) > *Enabled***** > > Network security: Do not store LAN Manager hash value on next password > change *Disabled***** > > Network security: LAN Manager authentication level *Send LM & NTLM - use > NTLMv2 session security if negotiated***** > > Allow cryptography algorithms compatible with Windows NT 4.0 *Enabled* *** > * > > ** ** > > Any suggestions?**** > > ** ** > > Ken Cornetet 812.482.8499**** > > To err is human - to moo, bovine.**** > > > ** > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
