RestrictAnonymous=2 & WinXP Clients
From: John Singler (singler@vet.upenn.edu)
Date: 08/26/02
- Next message: Terence: "Disable search computer name function"
- Previous message: Jim BOB: "permissions on folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "John Singler" <singler@vet.upenn.edu> Date: Mon, 26 Aug 2002 10:49:14 -0400
Folks,
I have a ticket open with MS on this and seeing that they are reluctant to
release this problem as a KB article I figured that I could save you some
headache by informing you of some unexpected behavior when using a Security
Policy that enables RA=2 on your DC(s).
For an explanation of RA, please see
http://support.microsoft.com/default.aspx?scid=kb;en-us;q246261
As you can see from the above article RA=2 breaks things for down-level
clients and Mac users (but if you want a secure environment you don't care
about them anyway...). Well it also breaks things for up-level (??)
clients, namely WinXP machines. When a user on a WinXP box is "FORCED" to
change his/her password s/he will receive an error message stating "You do
not have permission to change you password". If you are already logged on
and "CHOOSE" to change your password you WILL be able to do so. If your
password expires you will NOT be able to log in to the Domain...
Welcome to MS's new security initiative's.
-John
- Next message: Terence: "Disable search computer name function"
- Previous message: Jim BOB: "permissions on folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
