It is preferable to have them authenticate to the domain, but I might be able to convince them to authenticate to a local account on the file server they hit. The problem is that I assume whenever the file server gets upgraded to Server 2008 R2, the same problem will occur.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Tuesday, August 16, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: WIndows 95 and Server 2008 R2 DCs

Do they "have to" auth against the domain?

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com<http://www.fiserv.com/>

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

I have some Windows 95 computers authenticating against my domain. Currently, the domain is running on Server 2003 DCs, but I am in the process of upgrading to Server 2008 R2 DCs. I have already started to deploy Server 2008 DCs.

I have one location that has a couple of Windows 95 computers, and they cannot authenticate against a Server 2008 R2 DC - even with what I think is the appropriate group policy (the same policy allows the Windows 95 machines to authenticate against Server 2003 DCs).

OK, I know, Windows 95. But, these are used as controllers in some multi-million dollar machinery that was purchased long ago from a company that is now defunct. Replacing this equipment is simply not an option. Upgrading the OS is not an option. Installing the AD client extension for Windows 9x *might* be an option, but only as a last resort. The factory guys who maintain this equipment obviously do not like to stir the soup, because apparently the only human left on earth who can support this equipment charges 5 figures to just answer the phone.

Here's what I have in the Default Domain Controller Policy:

  Microsoft network client: Digitally sign communications (always)
      Disabled
  Microsoft network server: Digitally sign communications (always)
      Disabled
  Microsoft network server: Digitally sign communications (if client agrees)
      Enabled
  Network security: Do not store LAN Manager hash value on next password change
      Disabled
  Network security: LAN Manager authentication level
      Send LM & NTLM - use NTLMv2 session security if negotiated
  Allow cryptography algorithms compatible with Windows NT 4.0
      Enabled

Any suggestions?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.