You can have Windows 95 and NT 4 machines running on a Mixed Mode or Native Mode AD. The Authentication protocols of NTLM and Kerberos 5 are configurable in Group Policies. So if/when your network goes to all 2k/XP machines, you can then move over the authentication protocol to Kerberos if you want to. Just for kicks, look at group policy and search for NTLM. (Sorry I do not have Admin rights where I am to verify the location). The default Authentication protocol should be NTLM for a domain brought up for the first time in Mixed or Native modes. I have not tested the Native mode fresh install without going through Mixed mode to verify.
~B On Tue, 14 May 2002, Dozal, Tim wrote: > I am no AD expert but my experience is that in Mixed mode you will use NTLM (i.e NT >4) authentication (plain test transmission)) when connecting between hosts on the >network. If your infrastructure has any non-windows 2000/XP machines then you must >use mixed mode. If you are building a whole new environment and have no need to >connect to legacy OS's then you can run in native mode and take advantage of the >higher level security of the Kerberos authentication model (I think MD5 crypto on the >transmissions). Most migrations will not be able to do this because they are not >replacing every host with a windows 2000 or newer OS. > > I welcome people to expand on this for my own knowledge also. > > -Tim > > > -----Original Message----- > From: leon [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 13, 2002 5:50 PM > To: [EMAIL PROTECTED] > Subject: Active Directory Security Migration Questions: > > > Hi > > I had a coworker ask me the following questions and I was unsure of the answers to >most so I thought I might ask for some help. > > > 1)��What does native mode bring in terms of granular user rights and group policy >that mixed mode does not? > 2)� Are there specific security advantages to using native mode over mixed mode? If >so what are they? > > > I really appreciate the help and thanks again. > > Cheers, > > Leon > >
