Re: Accessing Windows 2000 Server Remote Registry

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/14/04


Date: Sun, 14 Nov 2004 09:15:58 -0700

This sounds like it could be a failure in negotiating the security
protocol to use, in the signing requirements for schannel, or such.
Is this a problem access all uplevel machines from NT4 or only
accessing some of them? I am guessing only some of them,
and this is a setting in the local security policy of the member,
rather than some setting(s) being applied domain-wide from GPO.
Take a look at a couple settings first on the inaccessible W2k:
do not have set: require strong Windows 2000 session key
change to when possible if set to always: the digitally sign and
   the digitally encrypt communications settings (2 sets of policies)
   for the W2k's server behaviors

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message 
news:85177CEE-9CA6-448B-A98E-2655FB5F1AA1@microsoft.com...
>I can resolve the name fine. It is accessing it when I run into issues.
> Access Denied is the message I get. I have looked at the article you
> suggested but so far none of the settings are relevant or have made a
> differnce if I changed them. I can get to the same NT server from the W2K
> server but not the other way around. Strange and frustrating.
>
> "Steven L Umbach" wrote:
>
>> It might be a name resolution problem. Try connecting via the computers 
>> IP
>> address instead of name to see if that helps and verify that you can ping
>> the computer from the source computer. Since you are still using wins, 
>> make
>> sure that W2K server is also a wins client. Do you get any error messages
>> when you try to connect?? The link below explains problems that can arise
>> from incompatible security settings [security options in security policy
>> such as Local Security Policy] on a W2K computer.  --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659  -- look 
>> at
>> Examples of Compatibility Problems particularly for anonymous access and
>> digitally sign communications.
>>
>> "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message
>> news:26FFD10B-33B5-41ED-B808-85BC5095849D@microsoft.com...
>> > Not sure if this is related to GPO but I am unable to access the 
>> > registry,
>> > browse via network neighborhood, etc. to a Windows 2000 member server 
>> > from
>> > another Windows NT 4 member server. I cannot do this from any of my NT 
>> > 4
>> > member servers. Both are logged in as the domain admin. Any thoughts 
>> > are
>> > appreciated.
>> >
>> > -- 
>> > netwerktek
>>
>>
>>