Re: Windows Server 2003 Security Guide issue

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/01/04

Next message: Hernan Seijas: "folder permission"
Previous message: cosimo: "Re: Windows Server 2003 Security Guide issue"
In reply to: cosimo: "Re: Windows Server 2003 Security Guide issue"
Next in thread: Steven L Umbach: "Re: Windows Server 2003 Security Guide issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 1 Dec 2004 07:47:57 -0700

Have you yet examined behavors when loosening/adjusting the
polices Steve has indicated, or the SChannel security level policy?
The behavior seems to indicate that server is requiring a level of
schannel or communication signing that other machines are not
configured to allow, hence communications never get as far as
attempting login authentication

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"cosimo" <cosimo@discussions.microsoft.com> wrote in message
news:D283B3C8-35AA-45BF-BAFB-4311B09E6094@microsoft.com...
> I've noted the same beaviour even if I attempt to connect from  the DC1
> machine to any other client joined to domain (and not only to standalone
> machine).
> In other words if I attempt to connect from DC1 (with enterprise policy
> enabled) to any other machine (joined or not to domain) it is impossible
and
> a message says: "...the user may not have the request authorizzations...."
> Instead if I wont to connect to DC1 machine from any other domain client
> machine this is possible, but if I wont to connect to DC1 from a
standalone
> machine with Windows 2000 Pro (not joined to domain) this is impossible.
> At last if I wont to connect from standalone windows 2000 Pro workstatio
to
> another client in the domain, this is possible.
> I've enabled the account logon event policy but when the issues occours,
no
> events are logged not on the server (DC1) nor on the clients.

Next message: Hernan Seijas: "folder permission"
Previous message: cosimo: "Re: Windows Server 2003 Security Guide issue"
In reply to: cosimo: "Re: Windows Server 2003 Security Guide issue"
Next in thread: Steven L Umbach: "Re: Windows Server 2003 Security Guide issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: RWW and Remote desktop stopped working on all clients
... (was a policy issue, ... the RWW site with no trouble, select options, use OWA via RWW site, and I ... adminsitrator or another account with Domain Admin role; also the server ... The first client reported to have the ...
(microsoft.public.windows.server.sbs)
Re: Admin Account locked out every hour.
... To find on which DC or server or client the problems are originating turn on ... Using the NLPARSE tool (from the Account Lockout and Management Tools - ... The lockout originates from the domain controller DC1. ...
(microsoft.public.windows.server.active_directory)
Re: Prevented from adding users
... Disabling the policy has not resolved the problem. ... setting I should configure my print server name? ... Without stepping through the debugger on this I am unsure why the client ...
(microsoft.public.windowsxp.print_fax)
Re: GPO causing client security logs to fill?
... Enabled Small Business Server Remote Assistance Policy No ... titled "Client Logon Failure". ... So basically, the Account lockout threshold, account lockout ...
(microsoft.public.windows.server.sbs)
Re: authentication problem
... I my domain computers already have the client/repond policy assigned to them ... > the problem is that you can only log on to the client ... What's the OS of the server you are logging on? ... >>session with a domain controller in this domain LABB ...
(microsoft.public.win2000.security)