Re: "broken"/missing ACL's?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/23/05


Date: Wed, 23 Nov 2005 14:24:55 -0600

I should also mention that there are many security settings that can cause a
problem with an NT4.0 in an Active Directory domain, particularly with Windows
2003 domain controllers, which by default require SMB signing. The link below
explains many of the settings that can cause a problem. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:ocidnYFDQdWPUBnenZ2dnUVZ_tCdnZ2d@comcast.com...
>I think you are right in that the computer is having problems contacting
>the domain controller consistently. Look in the logs via Event Viewer to
>see if anything helpful is recorded there. Since NT4.0 uses only netbios
>over tcp/ip name resolution you need to make sure that wins is set up
>correctly on the network, that the NT4.0 computer is a wins client, and the
>domain controller is a wins client. You might be able to get by without
>using wins but wins would be more reliable. Another possibility is to try
>lmhosts file entries for the domain controller as shown in the link below.
>If problems persist I would suspect a bad network adapter, flaky drivers
>for the network adapter, bad CAT5 cable, or even a problem with the switch
>port. Nltest /query can be used to check the secure channel to the domain
>controller. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;180094 ---
> lmhosts file
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;158148 ---
> nltest
>
> "Maury Markowitz" <MauryMarkowitz@discussions.microsoft.com> wrote in
> message news:FE1AE7C8-BA8C-4753-ABA9-9D7AF93144AD@microsoft.com...
>>I have been tracking down a problem for a few days now, and I finally
>> understand what's going on...
>>
>> On one machine in our office running NT4, any attempt to add ACLs for any
>> reason fails. The user/group/etc. can be added as you would expect -- you
>> select the user/group/etc from the "pick list" for the domain, and then
>> click
>> Add, at which point it appears in the ACL list. However when you
>> immediately
>> open the list again, that entry has been replaced with the "unknown user"
>> icon and the ACL name itself is a long string of alphanums.
>>
>> I have seen this behaviour in the past when you delete a user, at which
>> point the account goes "unknown". However the ones I am attempting to
>> apply
>> are valid, and in widespread use. The problem affects both file ACLs as
>> well
>> as DCOM settings, which is where I saw it the first time.
>>
>> It _seems_ like the machine is having problems talking to the domain
>> controller. The reason I say this is that I notice if I open an ACL list
>> on
>> my machine, the list will show these same sort of unknown icons for a
>> second
>> or two before being replaced by the correct name and icon. I assume this
>> happens as the local machine communicates with the domain server and
>> updates
>> its display. On the problem machine, this update never occurs.
>>
>> It can't be that simple though, because the machine can still work on the
>> network fine, and seems to have credentials.
>>
>> Anyone seen this before?
>>
>> Maury
>>
>
>


