On Tue, Jan 20, 2009 at 5:13 PM, Bill Monicher <[email protected]> wrote:
> The reason is complex, but the machine is doing machine control work
> using Arcnet. There are no Arcnet drivers for later OSs.
That's ancient. You're running on borrowed time. Sooner or later
something there is going to break that you won't be able to fix, and
suddenly the cost of upgrading will look tiny compared to the cost of
the downtime you'll be in the middle of.
"If you think it costs a lot to do it right, just wait until you
find out how much it costs to do it wrong."
</sermon>
> Currently, the machine is in a workgroup that has the same name as an
> NT 4 domain.
> If I log on locally to the W95 box, I can access resources on the
> server, but ONLY IF THE NT4 PDC IS RUNNING.
You don't really log on to a 9X box the way you log on to an NT box.
On 9X, you can enter a username and password, and it lets you on, and
it will attempt to use those credentials for network connections, but
if they don't work, you're just as "logged in" to the Win9X box as you
were otherwise. It's more of a password-saving-mechanism than a real
logon. (Well, there's the 9X password cache, but you can bypass it by
hitting [ESC], so that's not worth much.)
So, I believe the behavior you report is nominal. IIRC, 9X depends
on domain controllers for all domain authentication. Unlike NT, 9X
has no concept of anything like a machine trust account. So the
Active Directory domain (Win 2000) has absolutely no knowledge of the
9X box, or any logon credentials you might have used. 9X has to run
everything through the NTLM domain controller for it to work.
Why are you shutting off the NTLM PDC in the first place? An NTLM
domain needs an operational PDC. "No PDC" basically means "no domain"
(barring BDC promotion). Shutting down the PDC, even temporarily, is a
Big Deal and should be avoided whenever possible. It's not like
you're getting security patches that require reboots. ;-)
I assume the NTLM domain is still in production use, since you
noticed when it went away. If the idea here is to migrate to
something more modern, you should probably finish migrating before
shutting things off. ;-)
By the time you get around to decommissioning the NTLM PDC, there
should be no trace of the NTLM domain name anywhere else in the
network. All your clients and member servers should be using a
different domain or workgroup. If there's still mention of the NTLM
domain anywhere, you're not ready to decommission the PDC yet.
> Putting the machine in a workgroup called WORKGROUP.
Tell 9X to operate in a workgroup with a name matching that of your
Active Directory NetBIOS name ("Pre-Windows 2000" "Downlevel" or
whatever Microsoft's calling it these days). Tell 9X to log on to a
domain matching same. Create a user account in the AD domain for the
9X user logon. That will mean 9X is operating against the AD domain,
not the NTLM domain.
-- Ben