Re: Accessing Windows 2000 Server Remote Registry

From: Netwerktek (Netwerktek_at_discussions.microsoft.com)
Date: 11/14/04

• Next message: Steven L Umbach: "Re: Event logs empty"
• Previous message: Netwerktek: "Re: Accessing Windows 2000 Server Remote Registry"
• In reply to: Roger Abell [MVP]: "Re: Accessing Windows 2000 Server Remote Registry"
• Next in thread: Roger Abell: "Re: Accessing Windows 2000 Server Remote Registry"
• Reply: Roger Abell: "Re: Accessing Windows 2000 Server Remote Registry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 14 Nov 2004 08:39:05 -0800

On the inaccessible W2K Member Server, Locally all digitally signed policies
are disabled with "Digitally sign server comm (when possible)" being enabled
via GPO. Also all of the Secure Channel policies are disabled both locally
and via GPO. Still no go.

"Roger Abell [MVP]" wrote:

> This sounds like it could be a failure in negotiating the security
> protocol to use, in the signing requirements for schannel, or such.
> Is this a problem access all uplevel machines from NT4 or only
> accessing some of them? I am guessing only some of them,
> and this is a setting in the local security policy of the member,
> rather than some setting(s) being applied domain-wide from GPO.
> Take a look at a couple settings first on the inaccessible W2k:
> do not have set: require strong Windows 2000 session key
> change to when possible if set to always: the digitally sign and
> the digitally encrypt communications settings (2 sets of policies)
> for the W2k's server behaviors
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message
> news:85177CEE-9CA6-448B-A98E-2655FB5F1AA1@microsoft.com...
> >I can resolve the name fine. It is accessing it when I run into issues.
> > Access Denied is the message I get. I have looked at the article you
> > suggested but so far none of the settings are relevant or have made a
> > differnce if I changed them. I can get to the same NT server from the W2K
> > server but not the other way around. Strange and frustrating.
> >
> > "Steven L Umbach" wrote:
> >
> >> It might be a name resolution problem. Try connecting via the computers
> >> IP
> >> address instead of name to see if that helps and verify that you can ping
> >> the computer from the source computer. Since you are still using wins,
> >> make
> >> sure that W2K server is also a wins client. Do you get any error messages
> >> when you try to connect?? The link below explains problems that can arise
> >> from incompatible security settings [security options in security policy
> >> such as Local Security Policy] on a W2K computer. --- Steve
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 -- look
> >> at
> >> Examples of Compatibility Problems particularly for anonymous access and
> >> digitally sign communications.
> >>
> >> "Netwerktek" <Netwerktek@discussions.microsoft.com> wrote in message
> >> news:26FFD10B-33B5-41ED-B808-85BC5095849D@microsoft.com...
> >> > Not sure if this is related to GPO but I am unable to access the
> >> > registry,
> >> > browse via network neighborhood, etc. to a Windows 2000 member server
> >> > from
> >> > another Windows NT 4 member server. I cannot do this from any of my NT
> >> > 4
> >> > member servers. Both are logged in as the domain admin. Any thoughts
> >> > are
> >> > appreciated.
> >> >
> >> > --
> >> > netwerktek
> >>
> >>
> >>
>
>
>

---

• Next message: Steven L Umbach: "Re: Event logs empty"
• Previous message: Netwerktek: "Re: Accessing Windows 2000 Server Remote Registry"
• In reply to: Roger Abell [MVP]: "Re: Accessing Windows 2000 Server Remote Registry"
• Next in thread: Roger Abell: "Re: Accessing Windows 2000 Server Remote Registry"
• Reply: Roger Abell: "Re: Accessing Windows 2000 Server Remote Registry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Local GPO refreshes outside of refresh interval ... I looked through my GPO's Windows Settings section ... > Some policies, including IE policies, have a checkbox that defines if this ... > it should apply EVEN if the value defined in GPO did not change since the ... we are talking about one particular policy: ... (microsoft.public.windows.group_policy) Re: Getting desperate: GPO applying incorrectly, PLEASE HELP ME!! ... all the settings for lockdown in it. ... I think you are on to something with the linking of the GPO. ... > OU to which the loopback GPO is linked, ... > OU you placed the TS server, and you set loopback on in replace ... (microsoft.public.windows.group_policy) Re: Assigning File and Folder Permissions Via Group Policy ... Putting all of our NTFS tweaks in one GPO is attractive to me because we ... rights" policy, and then if we need to break them out later we'll just cross ... my organization has not made a lot of use of group policies. ... A few policies with a lot of settings in each policy may not be the best ... (microsoft.public.windows.group_policy) Re: Getting desperate: GPO applying incorrectly, PLEASE HELP ME!! ... GPO security settings from the defauts. ... Restart the workstation computer and the Terminal server, ... I've chosen these settings only because the affect is easy to observe. ... add check mark in the Deny column for Apply Group Policy ... (microsoft.public.windows.group_policy) Re: laptops connect at work but not at home? ... > i'll try to disable the DNS-related settings in the GPO and see what ... machine joined to the NT4 domain exhibited this behavior after the NT4 ... But now that server runs W2K3, ... >> sub-OU under the OU with the GPO to get it to work. ... (microsoft.public.win2000.dns)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)