Re: Win 2003 application access issue - Please Help
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Jun 2006 14:51:22 -0500
My guess is that since they are trying to access from an NT4.0 domain that
the problem could be related to anonymous user access in the security
settings in Local Security Policy of the Windows 2003 server which can be
accessed via secpol.msc on that server and look at the security options
under local policies\security options of which there are about five for
anonymous access under network access: settings. Be sure to document your
current settings and easy way would be to right click security options and
select export. Then you need to specify a file name and location for the
saved settings and be sure to print the list so that you can see the export
was successful. The link below is a great KB article about the various
security settings and incompatibilities that may arise from various
settings. After you change a setting run gpupdate /force on the Windows
2003 server to implement the changes in security policy. The two settings
which I would start with are to set do not allow anonymous enumeration of
sam accounts and shares to be disabled and let everyone permissions apply to
anonymous users to be enabled. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
"Diane" <Diane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:924C83B0-133B-4975-889D-5DDF4854811C@xxxxxxxxxxxxxxxx
I am not familiar with security, so I apologize in advance for what are
likely very naive questions.
Our site has 2 domains. Users log into domain A which is an old NT 4
server. Domain B has windows 2k DCs, win 2k exchange 2003 server, and a
win
2003 standard member server. A trust relationship exists between domain A
and domain B. Also, the usernames and passwords are identical on both
domains. No issues accessing the win2k servers from users logged into
Domain
A - it's only with the win2003 server.
A new client/server application has been installed on the win 2003 server
(no service packs) with a client app on Win XP Pro/SP2 desktops. Whenever
users attempt to use the client, it will not run until they use explorer
to
browse to the proper 2003 folder. They then get a username/password
request.
They must log in to Domain B after which they can map to the application
folders and access what is needed. They can then use the app with no
issue.
After they log off, the whole thing must be repeated the next time they
log
on and want to use the app. I have added domain B/domain uers to the
folder
permissions and security and, scanned the security and account policies on
the 2003 server but am wary of changing anything and causing bigger
problems.
Can someone help me
understand what needs to be done to avoid the logon issue every time a
user
wants to use this application? More applications of this type are coming,
so
I just see the issue increasing.
Thanks very much for your help.
.
- Prev by Date: Re: removing user from domain users group doesn't help
- Next by Date: Re: removing user from domain users group doesn't help
- Previous by thread: 802.1x host auth fails with WinXP supplicant
- Next by thread: Re: WMI and Windows 2003 SP1
- Index(es):
Relevant Pages
|
|
