Could you P2V one of the Win95 machines and install the AD client extension on it as a test to see if it works? Back when I had Win 95 machines on a 2003 domain I ended up installing it on all the win9x machines with good success.
Alternately, and this is kind of a kludgey (is that a word?), assuming your forest is at Windows 2003 functional level, could you create a new Win 2003 Domain Controller in its own domain, create a 2 way trust between your existing domain and the new domain, and have the two Win 95 computers log into the new domain? From: Ken Cornetet [mailto:[email protected]] Sent: Tuesday, August 16, 2011 12:51 PM To: NT System Admin Issues Subject: WIndows 95 and Server 2008 R2 DCs I have some Windows 95 computers authenticating against my domain. Currently, the domain is running on Server 2003 DCs, but I am in the process of upgrading to Server 2008 R2 DCs. I have already started to deploy Server 2008 DCs. I have one location that has a couple of Windows 95 computers, and they cannot authenticate against a Server 2008 R2 DC - even with what I think is the appropriate group policy (the same policy allows the Windows 95 machines to authenticate against Server 2003 DCs). OK, I know, Windows 95. But, these are used as controllers in some multi-million dollar machinery that was purchased long ago from a company that is now defunct. Replacing this equipment is simply not an option. Upgrading the OS is not an option. Installing the AD client extension for Windows 9x *might* be an option, but only as a last resort. The factory guys who maintain this equipment obviously do not like to stir the soup, because the apparently only human left on earth who can support this equipment charges 5 figures to just answer the phone. Here's what I have in the Default Domain Controller Policy: Microsoft network client: Digitally sign communications (always) Disabled Microsoft network server: Digitally sign communications (always) Disabled Microsoft network server: Digitally sign communications (if client agrees) Enabled Network security: Do not store LAN Manager hash value on next password change Disabled Network security: LAN Manager authentication level Send LM & NTLM - use NTLMv2 session security if negotiated Allow cryptography algorithms compatible with Windows NT 4.0 Enabled Any suggestions? Ken Cornetet 812.482.8499 To err is human - to moo, bovine. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
