Yes.
Also don't forget those described here ('way back machine...):
<http://theessentialexchange.com/blogs/michael/archive/2007/11/13/windows-9x-workstations-in-a-windows-2003-domain.aspx>
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Miller Bonnie L. [mailto:[email protected]]
Sent: Wednesday, January 12, 2011 2:09 PM
To: NT System Admin Issues
Subject: RE: Domain and Forest Functional levels
Finally found a link describing the features at each level, although I don't
see the ABE for DFS stuff mentioned specifically:
http://technet.microsoft.com/en-us/library/cc771132(WS.10).aspx
NTLM stuff: I think you guys are talking about Computer Config\Policies\Windows
Settings\Security Settings\Local Policies/Security Options\Network Security
"Network Security: LAN Manager authentication Level", which we have set in our
default domain controllers policy, currently using "Send LM & NTLM - use NTLMv2
session security if negotiated". I think we had to set this when we extended
the schema for WS08 or when we installed the first WS08 DC and started having
trouble with RIS imaging not joining computers to the domain.
http://support.microsoft.com/kb/954387 talks about the available options, and I
can see the WS08 R2 DCs are picking up the settings from AD. It sounds like I
should check that this hasn't changed to option 3 after raising the functional
level then? Or, am I looking for something else (newer)?
Sorry for all the questions-trying not to miss anything important.
From: Michael B. Smith [mailto:[email protected]]
Sent: Wednesday, January 12, 2011 7:49 AM
To: NT System Admin Issues
Subject: RE: Domain and Forest Functional levels
You have to change a GPO in order to get NTLMv1 back. The default policy is
changed to disable it.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Miller Bonnie L. [mailto:[email protected]]
Sent: Wednesday, January 12, 2011 10:35 AM
To: NT System Admin Issues
Subject: RE: Domain and Forest Functional levels
Do you mean it defaults higher and will switch back to NTLMv1 as needed, or is
NTLMv1 gone completely? I am going to search more this morning, but if you
have any links it is much appreciated.
Thanks,
-Bonnie
From: Michael B. Smith [mailto:[email protected]]
Sent: Tuesday, January 11, 2011 2:02 PM
To: NT System Admin Issues
Subject: RE: Domain and Forest Functional levels
You lose NTLMv1 by default, plus some security switches flip up to "more
secure".
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Miller Bonnie L. [mailto:[email protected]]
Sent: Tuesday, January 11, 2011 4:40 PM
To: NT System Admin Issues
Subject: Domain and Forest Functional levels
We are currently running WS08 R2 schema (upgraded quite a while ago), but still
sitting at WS03 functional levels for both the domain and forest settings.
I'm trying to get ABE working with DFS, and have discovered the domain
functional level must be at WS08 minimum (amongst other things, including
namespace migrations).
So, besides not being able to run a WS03 DC in WS08 functional mode or both
WS03 and WS08 DCs in WS08 R2 functional mode, is there anything else that is
LOST functionality? I'm finding a lot of articles on how-to and what you can
gain, but I want to make sure we won't miss anything important that is in use.
Still searching, but if you have any links or first-hand knowledge, I would
appreciate it as it's been many years since we've had to raise levels for a
feature.
We are also running:
Exchange 2007 SP3
Sharepoint 2007 SP2
SCCM 2007 (R2 I think, can find out if it matters)
Thanks,
-Bonnie
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
