When you run Dcpromo to promte a Windows 2000 server to a domain controller, you are prompted to choose between:
--> Permissions compatible with pre-Windows 2000 servers
--> Permissions compatible only with Windows 2000 servers
The first option allows anonymous (null) connections, which Windows NT 4.0 clients use for various credential actions.
The method used to accomplish this is patently simply, the Everyone group is added to the "Pre-Windows 2000 Compatible Access" group.
To alter your Dcpromo selection to:
--> Permissions compatible with pre-Windows 2000 servers: net localgroup "Pre-Windows 2000 Compatible Access" everyone /add --> Permissions compatible only with Windows 2000 servers net localgroup "Pre-Windows 2000 Compatible Access" everyone /deleteNOTE: See tip 2122 » How can I use a Windows NT 4.0 RAS/RRAS server in a Windows 2000 domain?
0 comments
Hide comments