Re: Users can't change password

From: Steven L Umbach (sumbach_at_ameritech.net)
Date: 06/12/03


Date: Wed, 11 Jun 2003 23:09:49 GMT


     WINS may be needed for a downlevel client to find a dc, but Directory
Services Client may be needed to authenticate with it depending on security
option lan manager authentication level. If it is set to only allow ntlmv2,
then a W9X computer without Directory Services Client will fail to
authenticate with it, but installing the DSC will allow it to use ntlmv2.
Even if lan manager authentication level is not at the most secure level,
using DSC may speed up authentication process and eliminate some
intermittent problems. It is always a good idea to use DSC on W9X Clients.
The lm authentication they use can be very easily cracked. --- Steve

"Marina Roos" <marina@roos.nospam.nl.com> wrote in message
news:9uMFa.52168$506.46894@typhoon.bart.nl...
> Really no need for installing AD-client on W9x-machines.
> Got WINS-server installed on server? That is what W9x needs.
>
> Marina
>
> "B Nolan" <bnolan@blueyonder.co.uk> wrote in message
> news:O#6cd3EMDHA.3700@tk2msftngp13.phx.gbl...
> > Thanks Steve. The DC's are all service pack 2, but I will try the things
> > you've pointed out. Must admit, I was thinking of the AD client for the
> > Win9X machines myself :)
> > Thanks again, Baz
> >
> > "Steven L Umbach" <n9rou@attbi.com> wrote in message
> > news:tmtFa.95631$d51.159371@sccrnsc01...
> > > There are a few security settings that may cause a problem, but
> > > you say that no settings have been changed?? I assume you have installed at
> > > least Service Pack2 and updated patches. The two that come to mind worth
> > > checking are - try disabling the four "digitally sign communications"
> > > security options until problem is resolved. The security option for
> > > "additional rights for anonymous connections", if set to no access without
> > > explicit anonymous permissions can sometimes cause problems. You may also
> > > try to install Directory Services Client [on W2K install cdrom] on the W9X
> > > clients. I would also suggest running dcdiag on the domain controller. ---
> > > Steve
> > >
> > > "B Nolan" <bnolan@blueyonder.co.uk> wrote in message
> > > news:#JyLOX4LDHA.3144@tk2msftngp13.phx.gbl...
> > > > When users on our network (Win2K DC's, clients running a mix of Win98 and XP
> > > > Pro) are prompted (at logon) to change their passwords due to expiration,
> > > > they put a new password in, then are told that they don't have permission to
> > > > change the password... even the Administrator! There are no GPO's in place
> > > > except the default domain one (we've just got the network up and running).
> > > > Funny thing is, if the XP users do the CTRL-ALT-DEL to get to taskmanager,
> > > > they *can* change their domain password from there.
> > > > Any ideas?
> > > >
> > > > Baz
> > > >
> > > >
> > >
> > >
> >
> >
>
>
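
Added example, not part of the original thread: a small model of the point in the top reply, showing which clients can still authenticate as the domain controller's LAN Manager authentication level (registry value LmCompatibilityLevel, 0-5) is tightened. The host names, the inventory and the per-client capability table are constructed assumptions; the accept/refuse rules follow Microsoft's documented meaning of levels 4 and 5.

```python
"""Which clients can authenticate at a given DC LAN Manager authentication level."""

LM, NTLM, NTLMV2 = "LM", "NTLM", "NTLMv2"

# Assumed client capabilities for this sketch: a W9X client speaks only LM
# until Directory Services Client (DSC) is installed, which adds NTLMv2.
CAPABILITIES = {
    ("W9X", False): {LM},
    ("W9X", True): {LM, NTLMV2},
    ("NT", False): {LM, NTLM, NTLMV2},  # W2K / XP Pro; DSC does not apply
}

def dc_accepts(level):
    """Response types a domain controller accepts at LmCompatibilityLevel 0-5."""
    if level not in range(6):
        raise ValueError("level must be 0-5")
    accepted = {LM, NTLM, NTLMV2}
    if level >= 4:
        accepted.discard(LM)    # level 4: DC refuses LM
    if level == 5:
        accepted.discard(NTLM)  # level 5: DC refuses LM and NTLM
    return accepted

def audit(level, inventory):
    """Map host -> 'fails' | 'lm-only' | 'ok' for a DC set to `level`."""
    accepted = dc_accepts(level)
    result = {}
    for host, family, has_dsc in inventory:
        usable = CAPABILITIES[(family, has_dsc)] & accepted
        if not usable:
            result[host] = "fails"    # no response type in common: logon is rejected
        elif usable == {LM}:
            result[host] = "lm-only"  # works, but only with the easily cracked LM response
        else:
            result[host] = "ok"       # NTLMv2 is available to this client
    return result

# Constructed inventory: (host, OS family, DSC installed)
INVENTORY = [
    ("pc-98-a", "W9X", False),
    ("pc-98-b", "W9X", True),
    ("pc-xp-a", "NT", False),
]

if __name__ == "__main__":
    for level in (0, 4, 5):
        print(level, audit(level, INVENTORY))
```

Running the audit at the current level before raising it shows which W9X machines need DSC first: any host reported as "lm-only" now will become "fails" at level 4 or 5.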


