Re: Cannot access Resources from a Win98 ClientPC

From: Michael P. Schieferer (simi_at_diel.co.at)
Date: 06/28/05 

Date: Tue, 28 Jun 2005 18:19:26 +0200

Hello Steve!

Thank you very much for your inspiration, now I've found a way to get
things working.

For the log in and fileshare problem the solution was to simple turn
NTLMv2 Authentication on.

To get the System policies working there is a really fine KB article
(How To Create a System Policy Setting in Microsoft Windows Server 2003
found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;814598)

Now all things are working I can go home :D

Michael

Steven L Umbach schrieb:
> Well that is strange that it would not work with NTLMV2 as by default a
> Windows 2000/2003 server will accept any downlevel authentication method
> from LM to NTLMv2. It is hard to say what was going on there. If you have
> not done such I would still try enabling SMB signing on the W98 computer.
> There is also an updated version of Directory Services Client for W98 so
> depending on the version you were using that may have been an issue. As far
> as the problem with config.pol. I don't know offhand what the issue could be
> but Windows 2003 Server is much more locked down than Windows 2000 and is
> not real friendly to downlevel clients in default configuration. Check out
> the link below which discusses a lot of incompatibilities with security
> options for Windows 2000/2003 and downlevel clients which may help you
> resolve the config.pol issue though I would be careful in reducing security
> on your Windows 2003 domain unless it is more important for you to get the
> config.pol working for the Windows 98 computer. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
>
> "Michael P. Schieferer" <simi@diel.co.at> wrote in message
> news:ubplET$eFHA.1404@TK2MSFTNGP09.phx.gbl...
>
>>Hello Steven!
>>
>>Can't believe it... We've already tried to activate the NTLM 2
>>authentication but we couldn't log on afterwards. Now I tried it again on
>>a clean install an it works!!
>>
>>Fine, now can we access the Fileshares, but it seems the "config.pol" was
>>not used. We still can do anything on the machine. Maybe you can help me
>>with this again? :)
>>
>>Regards
>>Michael P. Schieferer
>>
>>Steven L Umbach schrieb:
>>
>>>The two biggest problems with downlevel clients are the security options
>>>for lan manager authentication level and digitally signing of
>>>communications. More than likely the problem is that the Windows 2003
>>>server requires digitally signing of communications. You can use Local
>>>Security Policy [secpol.msc] and find the security option for Microsoft
>>>network server:digitally sign communications:always and set it to
>>>disabled or enable SMB signing via a registry mod on the Windows 2003
>>>Server. The link below may help even though it discusses domain logon,
>>>but it shows how to enable NTLMv2 and SMB signing on Windows 98
>>>computers. Beyond that enabling netmon on the server where access is
>>>being denied and doing a packet trace of the access attempt may be
>>>helpful. --- Steve
>>>
>>>http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
>>>
>>>"Michael P. Schieferer" <simi@diel.co.at> wrote in message
>>>news:u2iq1E$eFHA.2888@TK2MSFTNGP15.phx.gbl...
>>>
>>>
>>>>Hello,
>>>>
>>>>we have a Windows Server 2003 infrastructure here with Windows XP PC. Now
>>>>we have to integrate a Windows98 PC for our development Departement.
>>>>
>>>>After setting up the Win98 Client and "joining" the domain we can
>>>>successfully logon but don't get access to any FileShare. DHCP Leases are
>>>>function proper also the ping succeded but if we try to map a Share using
>>>>"net use DEVICENAME \\server\share" we get an access denied.
>>>>
>>>>Further did we create a "config.pol" file with Win98 Poledit and stored
>>>>it in the netlogon shares on the DCs but the changes won't apply...
>>>>
>>>>We've tried for days now searching newsgroups but still haven't a
>>>>solution. We've found several KB Articles as "KB323455" and "KB271496"
>>>>but no change.
>>>>
>>>>Maybe you can help us, regards
>>>>Michael P. Schieferer
>>>
>>>
>

Relevant Pages

  • Re: Native Mode and Win9x/NT Clients Authentication
    ... > downlevel clients, such as Windows 9x, Windows 3.x, or DOS machines), you ... > authentication protocol. ... Kerberos was created by the Massachusetts Institute ... > Windows 2000 machines and downlevel clients, then both Kerberos and NTLM are ...
    (microsoft.public.win2000.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: form authentication and webservices
    ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... We will be using Windows Authentication on the Web Services side (same ... Dominick Baier ...
    (microsoft.public.dotnet.framework.aspnet.security)