Re: Accessing Windows 2000 Server Remote Registry

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/14/04


Date: Sun, 14 Nov 2004 09:15:58 -0700

This sounds like it could be a failure in negotiating the security
protocol to use, in the signing requirements for schannel, or such.
Is this a problem access all uplevel machines from NT4 or only
accessing some of them? I am guessing only some of them,
and this is a setting in the local security policy of the member,
rather than some setting(s) being applied domain-wide from GPO.
Take a look at a couple settings first on the inaccessible W2k:
do not have set: require strong Windows 2000 session key
change to when possible if set to always: the digitally sign and
   the digitally encrypt communications settings (2 sets of policies)
   for the W2k's server behaviors

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message 
news:85177CEE-9CA6-448B-A98E-2655FB5F1AA1@microsoft.com...
>I can resolve the name fine. It is accessing it when I run into issues.
> Access Denied is the message I get. I have looked at the article you
> suggested but so far none of the settings are relevant or have made a
> differnce if I changed them. I can get to the same NT server from the W2K
> server but not the other way around. Strange and frustrating.
>
> "Steven L Umbach" wrote:
>
>> It might be a name resolution problem. Try connecting via the computers 
>> IP
>> address instead of name to see if that helps and verify that you can ping
>> the computer from the source computer. Since you are still using wins, 
>> make
>> sure that W2K server is also a wins client. Do you get any error messages
>> when you try to connect?? The link below explains problems that can arise
>> from incompatible security settings [security options in security policy
>> such as Local Security Policy] on a W2K computer.  --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659  -- look 
>> at
>> Examples of Compatibility Problems particularly for anonymous access and
>> digitally sign communications.
>>
>> "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message
>> news:26FFD10B-33B5-41ED-B808-85BC5095849D@microsoft.com...
>> > Not sure if this is related to GPO but I am unable to access the 
>> > registry,
>> > browse via network neighborhood, etc. to a Windows 2000 member server 
>> > from
>> > another Windows NT 4 member server. I cannot do this from any of my NT 
>> > 4
>> > member servers. Both are logged in as the domain admin. Any thoughts 
>> > are
>> > appreciated.
>> >
>> > -- 
>> > netwerktek
>>
>>
>> 


Relevant Pages

  • SecurityFocus Microsoft Newsletter #164
    ... Got Storage Security Risks? ... MICROSOFT VULNERABILITY SUMMARY ... Chat Client FTP Server Default Username Credential Weak... ... NetServe Web Server is a compact web server for Microsoft Windows ...
    (Focus-Microsoft)
  • Re: im being held in memory
    ... How can I harden my computer or server to secure it from hackers? ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.security)
  • MS and security: good effort but no cigar
    ... build upon the progress it's already made in security. ... The low-hanging fruit of millions of insecure Windows machines ... Then there's the issue of poorly secured server applications. ... and execute external virus and filtering ...
    (microsoft.public.windowsxp.general)
  • SecurityFocus Microsoft Newsletter #167
    ... MICROSOFT VULNERABILITY SUMMARY ... Multiple Vendor XML Parser SOAP Server Denial Of Service Vul... ... Proactive Windows Security Explorer ...
    (Focus-Microsoft)
  • Re: Group Policy broke my DCs
    ... to be very careful with tweaking services on domain controllers. ... Group Policy - security policy at the OU level which makes it much easier to ... complied from the Windows 2003 Server Security guide for baseline core ... Server - automatic ...
    (microsoft.public.windows.group_policy)