That's not going to change the lack of authentication between Win95 and a 2008R2 DC.
* * *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Aug 16, 2011 at 2:30 PM, <[email protected]> wrote: > ** Could you not P2V the Win95 boxes and run them as virtual guests of > some type on an XP workstation with autologon configured on the 95 guests? > Although this may defeat the point of having them authenticate in the first > place... > > Sent from my POS BlackBerry wireless device, which may wipe itself at any > moment > ------------------------------ > *From: * "Andrew S. Baker" <[email protected]> > *Date: *Tue, 16 Aug 2011 14:24:28 -0400 > *To: *NT System Admin Issues<[email protected]> > *ReplyTo: * "NT System Admin Issues" < > [email protected]> > *Subject: *Re: WIndows 95 and Server 2008 R2 DCs > > Given the business situation, it would seem that you have the choice > between the following: > > -- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as > it is not supported) - http://support.microsoft.com/kb/954387 > -- Leaving the Win2K3 DCs in place > > > * * > > *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of > Technology for the SMB market… > > * > > > > On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet > <[email protected]>wrote: > >> I have some Windows 95 computers authenticating against my domain. >> Currently, the domain is running on Server 2003 DCs, but I am in the process >> of upgrading to Server 2008 R2 DCs. I have already started to deploy Server >> 2008 DCs.**** >> >> ** ** >> >> I have one location that has a couple of Windows 95 computers, and they >> cannot authenticate against a Server 2008 R2 DC – even with what I think is >> the appropriate group policy (the same policy allows the Windows 95 machines >> to authenticate against Server 2003 DCs).**** >> >> ** ** >> >> OK, I know, Windows 95. But, these are used as controllers in some >> multi-million dollar machinery that was purchased long ago from a company >> that is now defunct. Replacing this equipment is simply not an option. >> Upgrading the OS is not an option. Installing the AD client extension for >> Windows 9x **might** be an option, but only as a last resort. The factory >> guys who maintain this equipment obviously do not like to stir the soup, >> because the apparently only human left on earth who can support this >> equipment charges 5 figures to just answer the phone.**** >> >> ** ** >> >> Here’s what I have in the Default Domain Controller Policy:**** >> >> Microsoft network client: Digitally sign communications (always) * >> Disabled***** >> >> Microsoft network server: Digitally sign communications (always) * >> Disabled***** >> >> Microsoft network server: Digitally sign communications (if client agrees) >> *Enabled***** >> >> Network security: Do not store LAN Manager hash value on next password >> change *Disabled***** >> >> Network security: LAN Manager authentication level *Send LM & NTLM - use >> NTLMv2 session security if negotiated***** >> >> Allow cryptography algorithms compatible with Windows NT 4.0 *Enabled* ** >> ** >> >> ** ** >> >> Any suggestions?**** >> >> ** ** >> >> Ken Cornetet 812.482.8499**** >> >> To err is human - to moo, bovine.**** >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
