You really don't need to disable those, you can turn on the (when possible) ones instead as to not give up security all together for your 2000/xp clients.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, November 04, 2004 2:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain but as security doesn't seem to be your main worry, you could also turn off these new settings for the interims until you've updated the clients to a newer OS or installed the DSclient on them - so you can DISABLE the following security settings in the Default Domain Controllers policy to improve your 9x communication with Win2k3 DCs: Microsoft Network Server: Digitally sign communications (always) Domain Member: Digitally encrypt or sign secure channel data (always) This should allow your 9x clients to authenticate against Win2k3 DCs. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Wednesday, November 03, 2004 3:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain Yes, as I mentioned in another post: when Windows 2003 AD came out it included 2 new security mechanisms that are required for authentication. Downlevel clients (WfW, Win9x and WinNT) are not capable of communicating with those security mechanisms unless they are upgraded (WfW) or have the DS Client. Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Wednesday, November 03, 2004 9:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain Just one last question before this string goes away: Has anyone joined a Windows 98 machine to a Native Windows 2003 AD Domain that was not upgraded from an NT domain before? All of the responses I have seen have only been for a Windows 2000 AD and I'm wondering if a new security enhancement in 2003 is what is preventing my 98 machines from seeing and connecting to the 2003 AD. charle -----Original Message----- From: Carerros, Charles [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 11:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain I think there is more I have to do to get it work with AD though. Don't have I to make sure that the workstation is using NTLM2 authentication and SMB signing? (In which case I still might have to write off my Win95 boxes because I don't believe that they support either of those.) I really hope that I'm wrong, but then again if I'm right then they will all be forced to upgrade. I just need to make sure that I exhaust all resources before I go and tell someone the bad news about the 95 boxes. But I think that the script option might be the best approach. -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain Ok, it was worth a shot. I have not heard of or seen any tool that will help you with this. The only thing I can think of it in your logon script have it copy a script to the 9x machine, modify the registry to RunOnce that script you just copied and have that script on next logon change the domain member ship If that is at all possible. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Tuesday, November 02, 2004 12:13 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain Upgrading is not an option in this case. Politically its not allowed and technically its not that feasible either (there is an issue with the number of Exchange 5.5 environments that are going to be migrated into the new forest and how this is planned to be done). -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 11:07 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain You could potentially upgrade your NT Domain to a child domain of a AD forest. This would allow you to keep the netbios name at least for your network. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Tuesday, November 02, 2004 11:58 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain We are doing a migration from an NT domain into child domain of new AD forest so we cannot keep the same netbios name. We also have a slight problem with our naming convention in that all of our DCs are going to have nine character names. Thanks, chuck -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 10:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain If you build your Windows 2003 domain with the same netbios domain name they Win 9x won't care one way or another. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Tuesday, November 02, 2004 11:39 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain Hey group, I'm trying to find an easy way to do a massive migration of Windows 95\98 workstation from an NT domain to a Windows 2003 AD domain, however the tools that I'm finding don't seem to function, don't exists, or after installation I can't seem to find a domain controller. Also, MS seems to have dropped the link to Q article 323466 which is supposed to have an updated DS client. If someone has already created some documentation on this process, it would be extremely helpful. Thanks, Charlie List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
