Re: Accessing Windows 2000 Server Remote Registry

From: Roger Abell [MVP] (
Date: 11/14/04

Date: Sun, 14 Nov 2004 09:15:58 -0700

This sounds like it could be a failure in negotiating the security
protocol to use, in the signing requirements for schannel, or such.
Is this a problem access all uplevel machines from NT4 or only
accessing some of them? I am guessing only some of them,
and this is a setting in the local security policy of the member,
rather than some setting(s) being applied domain-wide from GPO.
Take a look at a couple settings first on the inaccessible W2k:
do not have set: require strong Windows 2000 session key
change to when possible if set to always: the digitally sign and
   the digitally encrypt communications settings (2 sets of policies)
   for the W2k's server behaviors

Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Netwerktek" <> wrote in message
>I can resolve the name fine. It is accessing it when I run into issues.
> Access Denied is the message I get. I have looked at the article you
> suggested but so far none of the settings are relevant or have made a
> differnce if I changed them. I can get to the same NT server from the W2K
> server but not the other way around. Strange and frustrating.
> "Steven L Umbach" wrote:
>> It might be a name resolution problem. Try connecting via the computers 
>> IP
>> address instead of name to see if that helps and verify that you can ping
>> the computer from the source computer. Since you are still using wins, 
>> make
>> sure that W2K server is also a wins client. Do you get any error messages
>> when you try to connect?? The link below explains problems that can arise
>> from incompatible security settings [security options in security policy
>> such as Local Security Policy] on a W2K computer.  --- Steve
>>;en-us;823659  -- look 
>> at
>> Examples of Compatibility Problems particularly for anonymous access and
>> digitally sign communications.
>> "Netwerktek" <> wrote in message
>> > Not sure if this is related to GPO but I am unable to access the 
>> > registry,
>> > browse via network neighborhood, etc. to a Windows 2000 member server 
>> > from
>> > another Windows NT 4 member server. I cannot do this from any of my NT 
>> > 4
>> > member servers. Both are logged in as the domain admin. Any thoughts 
>> > are
>> > appreciated.
>> >
>> > -- 
>> > netwerktek