Re: NTLM

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 12/31/03


Date: Tue, 30 Dec 2003 18:20:32 -0800

Um . . . I'm not an authentication expert, but this sounds like it might be
that NTLM doesn't do double-hop auth. If it's your own in-house app, the
solution is to use Kerberos and delegation. I don't know what
kb/whitepapers cover this, but there ought to be good enough search terms in
those previous 2 sentences for you to find a good explanation with your
favorite search engine.

If that's not it, I'd start sniffing the network traffic.

(btw: The path you asked about in your first post looks like it was from the
group policy snapin in mmc.)

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Citimouse" <citimousemeow@hotmail.com> wrote in message
news:3ff12b09@news.starhub.net.sg...
> By the way, this happens when the client is XP too. Our DC is Windows 2000
> SP2 and remember the server that is hosting the application is Windows
> 2003.
>
> Thanks. :)
>
>
> "Citimouse" <citimousemeow@hotmail.com> wrote in message
> news:3ff12732@news.starhub.net.sg...
> > Hi,
> >
> > Thanks for your reply. But the Win2K professional has been patched with
> > the latest Service Pack and all security hotfixes.
> >
> > Any other ideas that I can try?
> >
> > Thanks.
> >
> > "Karin Galli [MS]" <i-kgbauz@online.microsoft.com> wrote in message
> > news:%23VJRfsszDHA.2928@TK2MSFTNGP09.phx.gbl...
> > > This article may be helpful:
> > >
> > > 289243 MS02-001: Forged SID Could Result in Elevated Privileges in
> > > Windows 2000
> > > http://support.microsoft.com/?id=289243
> > >
> > > Also, if you have trust with an NT domain and W2K machines are on this
> > > domain, check that the W2K stations have synchronized the time with
> > > the W2K domain.
> > >
> > > -- 
> > > =====================================================
> > > When responding to posts, please "Reply to Group" via
> > > your newsreader so that others may learn and benefit
> > > from your issue.
> > > =====================================================
> > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > >
> > > "news.starhub.com.sg" <asd@asd.dd> wrote in message
> > > news:3ff0d65f$1@news.starhub.net.sg...
> > > > Hi All,
> > > >
> > > > It seems that I have a problem with NTLM in my Windows 2003. I tried
> > > > to access a program located in Windows 2003 server using my Win2K
> > > > Professional. When I tried to log into the application, it says
> > > > "Access is Denied".
> > > >
> > > > In the Event Log, I found this error,
> > > >
> > > > Event Type: Failure Audit
> > > > Event Source: Security
> > > > Event Category: Logon/Logoff
> > > > Event ID: 537
> > > > Date:  30-Dec-03
> > > > Time:  2:58:53 PM
> > > > User:  NT AUTHORITY\SYSTEM
> > > > Computer: OSAN
> > > > Description:
> > > > Logon Failure:
> > > >   Reason:  An error occurred during logon
> > > >   User Name: wyc
> > > >   Domain:  AAF
> > > >   Logon Type: 3
> > > >   Logon Process: NtLmSsp
> > > >   Authentication Package: NTLM
> > > >   Workstation Name: HELP
> > > >   Status code: 0xC000005E
> > > >   Substatus code: 0x0
> > > >   Caller User Name: -
> > > >   Caller Domain: -
> > > >   Caller Logon ID: -
> > > >   Caller Process ID: -
> > > >   Transited Services: -
> > > >   Source Network Address: xx.xxx.xxx.xx
> > > >   Source Port: 1496
> > > >
> > > > For more information, see Help and Support Center at
> > > > http://go.microsoft.com/fwlink/events.asp.
> > > >
> > > > I searched for help in both MSKB and Windows 2003 Help file. In
> > > > Windows 2003 server, I found this article,
> > > >
> > > > "You can configure this security setting by opening the appropriate
> > > > policy and expanding the console tree as such: Computer
> > > > Configuration\Windows Settings\Security Settings\Local
> > > > Policies\Security Options\"
> > > >
> > > > May I know where I can find it? Also, has anyone experienced this
> > > > before?
> > > >
> > > > Thanks in advance.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
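
Added example, not part of any post in this thread: a small Python triage helper that parses the Event 537 text quoted above (newsreader `>` markers included) and decodes its "Status code" and "Logon Type" fields. The mapping tables are a partial selection of standard NTSTATUS and logon-type values; the function names are hypothetical. 0xC000005E is STATUS_NO_LOGON_SERVERS (no logon server was available to service the request), and 0xC0000133 is the clock-skew status relevant to the time-synchronization suggestion.

```python
import re

# Partial table of NTSTATUS values seen in the "Status code" field of
# logon-failure events (standard Windows values, not taken from the thread).
NTSTATUS = {
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000133: "STATUS_TIME_DIFFERENCE_AT_DC",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch",
               5: "Service", 10: "RemoteInteractive"}

# Sample input: fields copied from the event quoted in the thread,
# with the quote markers left in place.
SAMPLE = """\
> > > > Event ID: 537
> > > >   Reason:  An error occurred during logon
> > > >   User Name: wyc
> > > >   Domain:  AAF
> > > >   Logon Type: 3
> > > >   Logon Process: NtLmSsp
> > > >   Authentication Package: NTLM
> > > >   Workstation Name: HELP
> > > >   Status code: 0xC000005E
> > > >   Substatus code: 0x0
"""

def parse_event(text):
    """Return {field: value} from 'Name: value' lines, ignoring '>' prefixes."""
    fields = {}
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields[name.strip()] = value.strip()
    return fields

def triage(text):
    """Decode the status code and logon type of a logon-failure event."""
    f = parse_event(text)
    status = int(f["Status code"], 16)
    ltype = int(f["Logon Type"])
    return {
        "account": f"{f['Domain']}\\{f['User Name']}",
        "package": f["Authentication Package"],
        "logon_type": LOGON_TYPES.get(ltype, f"unknown ({ltype})"),
        "status": NTSTATUS.get(status, f"unmapped 0x{status:08X}"),
    }
```
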

