Re: Accessing Windows 2000 Server Remote Registry
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: Sun, 14 Nov 2004 09:15:58 -0700
This sounds like it could be a failure in negotiating the security
protocol to use, in the signing requirements for schannel, or such.
Is this a problem access all uplevel machines from NT4 or only
accessing some of them? I am guessing only some of them,
and this is a setting in the local security policy of the member,
rather than some setting(s) being applied domain-wide from GPO.
Take a look at a couple settings first on the inaccessible W2k:
do not have set: require strong Windows 2000 session key
change to when possible if set to always: the digitally sign and
the digitally encrypt communications settings (2 sets of policies)
for the W2k's server behaviors
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCDBA, MCSE W2k3+W2k+Nt4 "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message news:85177CEE-9CA6-448B-A98E-2655FB5F1AA1@microsoft.com... >I can resolve the name fine. It is accessing it when I run into issues. > Access Denied is the message I get. I have looked at the article you > suggested but so far none of the settings are relevant or have made a > differnce if I changed them. I can get to the same NT server from the W2K > server but not the other way around. Strange and frustrating. > > "Steven L Umbach" wrote: > >> It might be a name resolution problem. Try connecting via the computers >> IP >> address instead of name to see if that helps and verify that you can ping >> the computer from the source computer. Since you are still using wins, >> make >> sure that W2K server is also a wins client. Do you get any error messages >> when you try to connect?? The link below explains problems that can arise >> from incompatible security settings [security options in security policy >> such as Local Security Policy] on a W2K computer. --- Steve >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 -- look >> at >> Examples of Compatibility Problems particularly for anonymous access and >> digitally sign communications. >> >> "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message >> news:26FFD10B-33B5-41ED-B808-85BC5095849D@microsoft.com... >> > Not sure if this is related to GPO but I am unable to access the >> > registry, >> > browse via network neighborhood, etc. to a Windows 2000 member server >> > from >> > another Windows NT 4 member server. I cannot do this from any of my NT >> > 4 >> > member servers. Both are logged in as the domain admin. Any thoughts >> > are >> > appreciated. >> > >> > -- >> > netwerktek >> >> >>